Information processing apparatus, information processing method, program, and information processing system

ABSTRACT

An information processing apparatus provides an enhanced capability of authentication safety when unlocking. The information processing apparatus includes communication circuitry configured to receive an unlocking request and first information generated based on a first secret key, from a first communication terminal and control circuitry configured to determine whether or not to cause a locking circuit to unlock, based on a first public key corresponding to the first secret key and the generated first information.

TECHNICAL FIELD

The present disclosure relates to an information processing apparatus,an information processing method, a program, and an informationprocessing system.

BACKGROUND ART

In the past, lock control devices capable of locking and unlocking doorselectrically have been developed. For example, Patent Literature 1discloses a technology that performs an unlocking control in which, whena portable device is placed over an electrical lock, the electrical lockreads key data from the portable device and then matches the read keydata to authentication key data.

CITATION LIST Patent Literature

Patent Literature 1: JP 2007-239347A

DISCLOSURE OF INVENTION Technical Problem

However, the technology described in Patent Literature 1 is low insafety of authentication. For example, in the above technology, the keydata of the portable device is transmitted to the electrical lock as itis. Accordingly, when transmitting the key data, there is a risk of keydata leak by intercept of another device, for example.

Thus, in the present disclosure, there is proposed an informationprocessing apparatus, an information processing method, a program, andan information processing system, which are novel and improved, and arecapable of enhancing the safety of authentication when unlocking.

Solution to Problem

According to the present disclosure, there is provided an informationprocessing apparatus including: a communication unit configured toreceive an unlocking request and first information generated on thebasis of a first secret key, from a first communication terminal; and adetermination unit configured to determine whether or not to cause alocking unit to unlock, on the basis of a first public key correspondingto the first secret key and the generated first information.

Further, according to the present disclosure, there is provided aninformation processing method including: receiving an unlocking requestand first information generated on the basis of a first secret key, froma first communication terminal; and determining whether or not to causea locking unit to unlock, on the basis of a first public keycorresponding to the first secret key and the generated firstinformation.

Further, according to the present disclosure, there is provided aprogram for causing a computer to function as: a communication unitconfigured to receive an unlocking request and first informationgenerated on the basis of a first secret key, from a first communicationterminal; and a determination unit configured to determine whether ornot to cause a locking unit to unlock, on the basis of a first publickey corresponding to the first secret key and the generated firstinformation.

Further, according to the present disclosure, there is provided aninformation processing system including: a first communication terminal;and an information processing apparatus. The information processingapparatus includes a communication unit configured to receive anunlocking request and first information generated on the basis of afirst secret key, from the first communication terminal, and adetermination unit configured to determine whether or not to cause alocking unit to unlock, on the basis of a first public key correspondingto the first secret key and the generated first information.

Advantageous Effects of Invention

As described above, according to the present disclosure, the safety ofauthentication when unlocking can be enhanced. Note that the effectdescribed herein is not necessarily restrictive, but may be one of theeffects described in embodiments of the present disclosure.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is an explanatory diagram illustrating an exemplary configurationof an information processing system according to a first embodiment ofthe present disclosure.

FIG. 2 is a functional block diagram illustrating an exemplaryconfiguration of a lock control device 10-1 according to the sameembodiment.

FIG. 3 is an explanatory diagram illustrating an exemplary configurationof an eKey according to the same embodiment.

FIG. 4 is a functional block diagram illustrating an exemplaryconfiguration of a user terminal 20 according to the same embodiment.

FIG. 5 is a functional block diagram illustrating an exemplaryconfiguration of a server 30 according to the same embodiment.

FIG. 6 is a sequence diagram illustrating an operation when registeringa key into a lock control device 10-1 according to the same embodiment.

FIG. 7 is a sequence diagram illustrating an operation when verifying akey of an owner 2 a according to the same embodiment.

FIG. 8 is a sequence diagram illustrating an operation when registeringan account into the server 30 according to the same embodiment.

FIG. 9 is a sequence diagram illustrating an operation when registeringa user terminal 20 into the server 30 according to the same embodiment.

FIG. 10 is a sequence diagram illustrating an operation whenauthenticating an account by the server 30 according to the sameembodiment.

FIG. 11 is a sequence diagram illustrating an operation when inviting aguest 2 b according to the same embodiment.

FIG. 12 is a sequence diagram illustrating an operation when requestingan issuance of the eKey according to the same embodiment.

FIG. 13 is a sequence diagram illustrating an operation when issuing theeKey according to the same embodiment.

FIG. 14 is a sequence diagram illustrating a part of an operation whenunlocking according to the same embodiment.

FIG. 15 is a sequence diagram illustrating a part of an operation of anunlocking process according to the same embodiment.

FIG. 16 is a sequence diagram illustrating a part of an operation of theunlocking process according to the same embodiment.

FIG. 17 is a sequence diagram illustrating an operation when requestingan invalidation of an eKey Group according to the same embodiment.

FIG. 18 is an explanatory diagram illustrating an exemplaryconfiguration of an information processing system according to anapplication example of the same embodiment.

FIG. 19 is an explanatory diagram illustrating an exemplaryconfiguration of an eKey according to the same application example.

FIG. 20 is a sequence diagram illustrating a part of an operationaccording to the same application example.

FIG. 21 is a functional block diagram illustrating an exemplaryconfiguration of a lock control device 10-2 according to a secondembodiment of the present disclosure.

FIG. 22 is an explanatory diagram illustrating an exemplaryconfiguration of an eKey according to the same embodiment.

FIG. 23 is a sequence diagram illustrating a part of an operation whenregistering a key into the lock control device 10-2 according to thesame embodiment.

FIG. 24 is a sequence diagram illustrating a part of an operation whenregistering a key into the lock control device 10-2 according to thesame embodiment.

FIG. 25 is a flowchart illustrating an operation of an MQ response dataverifying process according to the same embodiment.

FIG. 26 is a sequence diagram illustrating an operation when verifying akey of an owner 2 a according to the same embodiment.

FIG. 27 is a sequence diagram illustrating an operation when requestinga change of an algorithm according to the same embodiment.

FIG. 28 is a sequence diagram illustrating an operation whenauthenticating an account by a server 30 according to the sameembodiment.

FIG. 29 is a sequence diagram illustrating a part of an operation of anunlocking process according to the same embodiment.

FIG. 30 is a sequence diagram illustrating a part of an operation of theunlocking process according to the same embodiment.

FIG. 31 is a functional block diagram illustrating an exemplaryconfiguration of a lock control device 10-3 according to a thirdembodiment of the present disclosure.

FIG. 32 is an explanatory diagram illustrating an exemplaryconfiguration of an eKey according to the same embodiment.

FIG. 33 is a sequence diagram illustrating a part of an operation of anunlocking process according to the same embodiment.

FIG. 34 is an explanatory diagram illustrating an exemplaryconfiguration of an information processing system according to a fourthembodiment of the present disclosure.

FIG. 35 is a functional block diagram illustrating an exemplaryconfiguration of a lock control device 10-4 according to the sameembodiment.

FIG. 36 is an explanatory diagram illustrating a flow of a processrelevant to an individual user terminal 20 that has approached the lockcontrol device 10-4 according to the same embodiment.

FIG. 37 is a flowchart illustrating a part of an operation according tothe same embodiment.

FIG. 38 is a flowchart illustrating a part of an operation according tothe same embodiment.

FIG. 39 is a flowchart illustrating an operation of an unlocking requestdetermination process according to the same embodiment.

FIG. 40 is a functional block diagram illustrating an exemplaryconfiguration of a lock control device 10-5 according to a fifthembodiment of the present disclosure.

FIG. 41 is a flowchart illustrating an operation according to the sameembodiment.

FIG. 42 is a functional block diagram illustrating an exemplaryconfiguration of a lock control device 10-6 according to a sixthembodiment of the present disclosure.

FIG. 43 is a sequence diagram illustrating an operation according to thesame embodiment.

FIG. 44 is a functional block diagram illustrating an exemplaryconfiguration of a lock control device 10-7 according to a seventhembodiment of the present disclosure.

FIG. 45 is a sequence diagram illustrating an operation according to thesame embodiment.

MODE(S) FOR CARRYING OUT THE INVENTION

Hereinafter, preferred embodiments of the present disclosure will bedescribed in detail with reference to the appended drawings. Note that,in this specification and the drawings, elements that have substantiallythe same function and structure are denoted with the same referencesigns, and repeated explanation is omitted.

Also, in the present specification and drawings, a plurality ofstructural elements that have substantially the same function andstructure are sometimes distinguished by adding different alphabetsafter a same reference numeral. For example, a plurality ofconfigurations having substantially same function and structure aredistinguished as appropriate, like the user terminal 20 a and the userterminal 20 b. However, in a case where a plurality of structuralelements that have substantially the same function and structure areneedless to be distinguished from each other, only a same reference signis assigned. For example, in a case where a user terminal 20 a and auser terminal 20 b are needless to be distinguished particularly, theyare simply referred to as user terminal 20.

Also, “Description of Embodiments” will be described in accordance withthe item order listed below.

1. First Embodiment

2. Second Embodiment

3. Third Embodiment

4. Fourth Embodiment

5. Fifth Embodiment

6. Sixth Embodiment

7. Seventh Embodiment

8. Exemplary Variant

The present disclosure can be embodied in various forms, as described indetail in “1. First Embodiment” to “7. Seventh Embodiment” as oneexample. First, the first embodiment will be described.

1. First Embodiment 1-1. System Configuration

FIG. 1 is an explanatory diagram illustrating the configuration of aninformation processing system according to the first embodiment. Asillustrated in FIG. 1, the information processing system according tothe first embodiment includes a lock control device 10-1, user terminals20, a communication network 22, a server 30, and a database 32.

[1-1-1. Lock Control Device 10-1]

The lock control device 10-1 is an example of the information processingapparatus in the present disclosure. The lock control device 10-1 isattached to a door at an entrance of a house for example, for thepurpose of controlling locking and unlocking. More specifically, thelock control device 10-1 controls locking and unlocking of a lockingunit 132 corresponding to a thumbturn of a lock.

Also, this lock control device 10-1 controls unlocking on the basis ofan unlocking request received from the user terminal 20 described later.

[1-1-2. User Terminal 20]

The user terminal 20 is an example of a communication terminal in thepresent disclosure. The user terminal 20 is a terminal that a user 2possess, and is basically a portable terminal. For example, the userterminal 20 may be a mobile phone such as a smartphone, a tabletterminal, and a device of a watch type.

The user terminal 20 is capable of implementing an application forrequesting the lock control device 10-1 to unlock the door. Also, theuser terminal 20 is capable of communicating with the server 30 via thecommunication network 22 described later, by wireless communication forexample.

[1-1-3. Communication Network 22]

The communication network 22 is a wired or wireless transmission channelof information transmitted from devices connected to the communicationnetwork 22. For example, the communication network 22 may include apublic line network such as a telephone line network, the Internet, anda satellite communication network, various types of local area networks(LAN) including Ethernet (registered trademark), a wide area network(WAN). Also, the communication network 22 may include a dedicated linenetwork, such as an internet protocol-virtual private network (IP-VPN).

[1-1-4. Server 30]

The server 30 is an example of a management device in the presentdisclosure. The server 30 is a device for managing a key authenticationservice configured by a web system, for example. For example, the server30 newly registers an account of the user 2 on the basis of a requestfrom the user terminal 20, and authenticates when the user terminal 20logs in to the key authentication service.

[1-1-5. Database 32]

The database 32 is a device for storing various information utilized inthe key authentication service, in accordance with an instruction fromthe server 30. For example, the database 32 stores registrationinformation of the user 2 and the user terminal 20 having an unlockingright, in association with the individual lock control device 10-1.

Note that the information processing system according to the firstembodiment is not limited to the above configuration. For example, thedatabase 32 may be stored in the server 30, instead of being configuredas an independent device.

[1-1-6. Clarification of Problem]

(1-1-6-1. Problem 1)

In the above, the configuration of the information processing systemaccording to the first embodiment has been described. In the meantime,when the user terminal 20 requests unlocking to the lock control device10-1, it is necessary for the lock control device 10-1 to have thecapability of authenticating that the user terminal 20 is a rightfulterminal having the authority to unlock.

As the first method, the user terminal 20 is authenticated, byregistering an ID or a password of the user in the lock control device10-1, and then matching, by the lock control device 10-1, an ID or apassword received at the time of an unlocking request from the userterminal 20.

However, in this first method, when transmitting the ID or the password,there is a risk of ID or password leak, by intercept of another device,for example. Then, when the ID or the password has leaked, the otherdevice can unlock the door.

Also, as the second method, the user terminal 20 is authenticated, byregistering a common key in the lock control device 10-1 and the userterminal 20, and then verifying, by the lock control device 10-1, theresult obtained by decoding information encrypted with the common keyand received by the user terminal 20. In this method, even if theinformation transmitted and received between the lock control device10-1 and the user terminal 20 is intercepted, the risk of unlocking thedoor by another device is reduced. However, in this method,authentication is not performed without registering the same common keyin a plurality of devices, increasing the number of devices for managingthe key. As a result, there remains a risk of the key being intercepted.

(1-1-6-1. Problem 2)

Also, another problem is described below. It is desirable that the user2 who is an administrator that manages the key of the lock controldevice 10-1 (hereinafter, referred to as owner 2 a, in some cases) canissue unlockable key information for another user 2 (hereinafter,referred to as guest 2 b, in some cases).

In the publicly known technology, there is proposed a method in whichthe guest 2 b registers a his or her own key in the server, and then theowner 2 a sets the unlocking authority to the key of the guest 2 bregistered in the server, as the first method. However, in this method,the owner 2 a is unable to set the unlocking right to the guest 2 b, ina case where his or her own key has not been registered in the serveryet, e.g., when the guest 2 b has not installed an appropriateapplication. Also, in this method, even if the guest 2 b wishes toreceive the key information, it is sometimes difficult to know whichapplication is to be installed and how the setting of the terminal is tobe conducted, for example.

Also, the second method may be such that a key ID issued for the guest 2b by the owner 2 a is embedded in a URL (Uniform Resource Locator), andthen an e-mail including the URL and the installation procedure of theapplication is transmitted to the guest 2 b. However, in this method,when the key ID described in the e-mail main text is intercept by athird person, the third person can unlock the door.

Thus, in view of the above circumstances, the lock control device 10-1according to the first embodiment has been created. The lock controldevice 10-1 according to the first embodiment is capable ofauthenticating the user terminal 20, without leaking secret informationof the user terminal 20. Also, according to the first embodiment, thekey information can be prevented from leaking, when the owner 2 adelivers the key information of the lock control device 10-1 to theguest 2 b. In the following, this first embodiment will be described indetail sequentially.

1-2. Configuration

[1-2-1. Lock Control Device 10-1]

Next, the configuration according to the first embodiment will bedescribed in detail. FIG. 2 is a functional block diagram illustratingthe configuration of the lock control device 10-1 according to the firstembodiment. As illustrated in FIG. 2, the lock control device 10-1includes a control unit 100-1, a communication unit 130, a locking unit132, and a storage unit 134.

(1-2-1-1. Control Unit 100-1)

The control unit 100-1 generally controls the operation of the lockcontrol device 10-1, using hardware, such as a central processing unit(CPU) and a random access memory (RAM) for example, which are built intothe lock control device 10-1. Also, as illustrated in FIG. 2, thecontrol unit 100-1 includes a key information verifying unit 102, averification processing unit 104, a determination unit 106, a lockingcontrol unit 108, a random number generating unit 110, and atransmission control unit 112.

(1-2-1-2. Key Information Verifying Unit 102)

The key information verifying unit 102 is an example of a key verifyingunit in the present disclosure. The key information verifying unit 102determines the rightfulness of an eKey received from the user terminal20. Here, the eKey is an example of key information in the presentdisclosure.

For example, the key information verifying unit 102 verifies therightfulness of the public key of the user terminal 20 on the basis ofsignature information for the public key of the user terminal 20, whichis included in the received eKey. More specifically, the key informationverifying unit 102 verifies whether or not the public key of the userterminal 20 is rightful, on the basis of the public key of the userterminal 20, and the decoding result, by the verification processingunit 104, of the signature information for the public key of the userterminal 20 which is included in the received eKey.

Also, the key information verifying unit 102 determines whether or notthe eKey is within an effective period, with reference to the effectiveperiod of the received eKey.

eKey

Here, an exemplary configuration (eKey 40-1) of the eKey according tothe first embodiment will be described with reference to FIG. 3. Asillustrated in FIG. 3, the eKey 40-1 includes a header 400 and a mainbody 402, for example. Also, the header 400 includes an eKey ID 4000, adevice ID 4002, a lock ID 4004, and an effective period 4006. Also, themain body 402 includes an RSA public key 4020 and an RSA certificate4022 of the key.

Here, in the eKey ID 4000, the eKey ID corresponding to the eKey 40-1 isrecorded. Note that, the eKey ID is an ID decided by the user terminal20 a of the owner 2 a which has issued the eKey 40-1, for example. Also,in the device ID 4002, the terminal ID of the user terminal 20 havingthe eKey 40-1 is recorded. Also, in the lock ID 4004, the ID of the lockcontrol device 10-1 which is authorized to unlock is recorded (inassociation with the eKey 40-1). Also, in the effective period 4006, theeffective period set to the eKey 40-1 is recorded. For example, in theeffective period 4006, usable day, day of week, or, time period, and thelike are recorded. Note that FIG. 3 illustrates an example in which“ALWAYS”, which is the value indicating no limitation of the period, isrecorded as the effective period 4006. Also, in the RSA public key 4020,the RSA public key of the user terminal 20 to which the eKey 40-1 isissued is recorded. Also, in the RSA certificate 4022 of the key, thesignature information by the user terminal 20 a of the owner 2 a for theRSA public key of the user terminal 20 to which the eKey 40-1 is issuedis recorded. More specifically, in the RSA certificate 4022 of the key,the signature information using a RSA secret key of the user terminal 20a for the RSA public key of the user terminal 20 to which the eKey 40-1is issued is recorded.

Note that the user terminal 20 a of the owner 2 a is also capable ofissuing the eKey 40-1 for the terminal itself. In this case, in the RSAcertificate 4022 of the key, the signature information of the userterminal 20 a itself for the RSA public key of the user terminal 20 a isrecorded.

(1-2-1-3. Verification Processing Unit 104)

The verification processing unit 104 verifies, by a predeterminedalgorithm, the information generated on the basis of the secret key ofthe user terminal 20, which is received from the user terminal 20. Forexample, in a case where the information generated on the basis of thesecret key of the user terminal 20 is received, the verificationprocessing unit 104 verifies the received information on the basis ofthe public key of the user terminal 20. Also, the verificationprocessing unit 104 decodes the signature information by the userterminal 20 a of the owner 2 a for the public key of the user terminal20 b, which is included in the eKey received from the user terminal 20,on the basis of the public key of the user terminal 20 a.

(1-2-1-4. Determination Unit 106)

The determination unit 106 determines whether or not to cause thelocking unit 132 described later to unlock, on the basis of theverification result of the information generated on the basis of thesecret key of the user terminal 20, and the verification result of thepublic key of the user terminal 20. For example, the determination unit106 determines to cause the locking unit 132 to unlock, in a case wherethe key information verifying unit 102 verifies that the public key ofthe user terminal 20 is rightful, and the verification processing unit104 verifies that the information generated on the basis of the secretkey of the user terminal 20 is rightful. More specifically, first, thedetermination unit 106 confirms whether or not the key informationverifying unit 102 has verified that the public key of the user terminal20 is rightful. Then, the determination unit 106 determines to cause thelocking unit 132 to unlock, in a case where it is verified that thepublic key of the user terminal 20 is rightful, and the verificationprocessing unit 104 has verified that the information generated by theuser terminal 20 is rightful.

Also, the determination unit 106 determines not to cause the lockingunit 132 to unlock, in a case where it is verified that the public keyof the user terminal 20 is not rightful, or in a case where it isverified that the information generated on the basis of the secret keyof the user terminal 20 is not rightful.

(1-2-1-5. Locking Control Unit 108)

The locking control unit 108 controls the operation of the locking unit132 on the basis of the determination result by the determination unit106. For example, the locking control unit 108 causes the locking unit132 to unlock, in a case where the determination unit 106 has determinedto unlock.

(1-2-1-6. Random Number Generating Unit 110)

The random number generating unit 110 generates a random number, such asa uniform random number within a predetermined range, for example.

(1-2-1-7. Transmission Control Unit 112)

The transmission control unit 112 causes the communication unit 130 totransmit various types of information to the user terminal 20. Forexample, the transmission control unit 112 causes the communication unit130 to transmit the random number generated by the random numbergenerating unit 110, to the user terminal 20.

(1-2-1-8. Communication Unit 130)

The communication unit 130 performs transmission and reception ofinformation with another device, by the wireless communication inaccordance with Bluetooth (registered trademark) such as Bluetooth lowenergy (BLE), Wi-Fi (registered trademark), near field communication(NFC), or the like, for example. For example, the communication unit 130is controlled by the transmission control unit 112 to transmit therandom number to the user terminal 20. Also, the communication unit 130receives the eKey, the unlocking request, and the information generatedon the basis of the secret key of the user terminal 20, from the userterminal 20.

(1-2-1-9. Locking Unit 132)

The locking unit 132 carries out locking or unlocking in accordance withthe control of the locking control unit 108.

(1-2-1-10. Storage Unit 134)

The storage unit 134 is capable of storing various types of data, suchas a registration key DB 136 described later, and software, for example.

Registration Key DB 136

As described later, the registration key DB 136 is a database thatstores the information relevant to the user terminal 20 a of the owner 2a which manages the relevant lock control device 10-1. Also, as anexemplary variant, the registration key DB 136 is capable of storing theinformation relevant to the user terminal 20 b of the guest 2 b forwhich the determination unit 106 has determined to unlock.

[1-2-2. User Terminal 20]

FIG. 4 is a functional block diagram illustrating the configuration ofthe user terminal 20 according to the first embodiment. As illustratedin FIG. 4, the user terminal 20 includes a control unit 200, acommunication unit 220, an operation display unit 222, and a storageunit 224.

(1-2-2-1. Control Unit 200)

The control unit 200 generally controls the operation of the userterminal 20, using hardware, such as a CPU and a RAM for example, whichis built into the user terminal 20. Also, as illustrated in FIG. 4, thecontrol unit 200 includes a cipher generating unit 202, a keyinformation issuing unit 204, a transmission control unit 206, aninvitation e-mail generating unit 208, and a display control unit 210.

(1-2-2-2. Cipher Generating Unit 202)

Generation Example 1

The cipher generating unit 202 generates information on the basis of apredetermined algorithm and the random number received from the lockcontrol device 10-1, for example. For example, the cipher generatingunit 202 generates information on the basis of the received randomnumber and the secret key of the user terminal 20 stored in the storageunit 224 described later. Here, the predetermined algorithm is the RSAcryptographic algorithm, for example.

Generation Example 2

In addition, in a case where the user terminal 20 is the user terminal20 of the owner 2 a, the cipher generating unit 202 is also capable ofcreating a digital signature for the public key of the user terminal 20b of the guest 2 b. For example, in the above case, the ciphergenerating unit 202 creates a digital signature by encrypting the publickey of the guest 2 b, on the basis of the secret key of the userterminal 20.

(1-2-2-3. Key Information Issuing Unit 204)

The key information issuing unit 204 issues an eKey in association withthe user terminal 20 b, in a case where the user 2 of the user terminal20 has the authority for issuing an eKey, and the eKey issuance requestwith respect to another user terminal 20 b is received from the server30 described later. More specifically, in the above case, the keyinformation issuing unit 204 issues an eKey including signatureinformation for the public key of the user terminal 20 b, which isgenerated by the cipher generating unit 202.

(1-2-2-4. Transmission Control Unit 206)

The transmission control unit 206 causes the communication unit 220 totransmit various types of information to the lock control device 10-1 orthe server 30. For example, the transmission control unit 206 causes thecommunication unit 220 to transmit the information generated by thecipher generating unit 202 to the lock control device 10-1. Also, thetransmission control unit 206 causes the communication unit 220 totransmit the eKey issued by the key information issuing unit 204 to theserver 30. Also, the transmission control unit 206 causes thecommunication unit 220 to transmit the invitation e-mail generated bythe invitation e-mail generating unit 208 described later, to therelevant user terminal 20.

(1-2-2-5. Invitation E-Mail Generating Unit 208)

The invitation e-mail generating unit 208 generates the invitatione-mail including the eKey ID associated with another user terminal 20 band the link information to the server 30. Note that, when the userterminal 20 b receives this invitation e-mail, the user terminal 20 bconnects to the link information described in the invitation e-mail, andthus can request a person authorized to issue the eKey, such as theowner 2 a, to issue the eKey, for example.

(1-2-2-6. Display Control Unit 210)

The display control unit 210 causes the operation display unit 222 todisplay various types of display screen images. For example, in a casewhere the user terminal 20 is the user terminal 20 of the owner 2 a, thedisplay control unit 210 causes the operation display unit 222,described later, to display an eKey issuance approval screen image forinputting whether or not to approve the issuance of the eKey for theuser terminal 20 b of another user 2 b.

(1-2-2-7. Communication Unit 220)

The communication unit 220 performs transmission and reception ofinformation with another device, by the wireless communication inaccordance with Bluetooth, Wi-Fi, NFC, or the like, for example. Forexample, the communication unit 220 is controlled by the transmissioncontrol unit 206, to transmit the information generated by the ciphergenerating unit 202 to the lock control device 10-1.

(1-2-2-8. Operation Display Unit 222)

The operation display unit 222 is configured with a touch panel display,for example. This operation display unit 222 is controlled by thedisplay control unit 210, to display various types of display screenimages. Also, the operation display unit 222 accepts various types ofinput by the user, such as selection of selection buttons displayed onthe display screen image, for example.

(1-2-2-9. Storage Unit 224)

The storage unit 224 stores various types of software and various typesof data such as the RSA secret key of the user terminal 20, for example.

[1-2-3. Server 30]

FIG. 5 is a functional block diagram illustrating the configuration ofthe server 30 according to the first embodiment. As illustrated in FIG.5, the server 30 includes a control unit 300, a communication unit 320,and a storage unit 322.

(1-2-3-1. Control Unit 300)

The control unit 300 generally controls the operation of the server 30,using hardware, such as a CPU and a RAM for example, which is built intothe server 30. Also, as illustrated in FIG. 5, the control unit 300includes a key information issuance requesting unit 302, a transmissioncontrol unit 304, a random number generating unit 306, a verificationprocessing unit 308, and a verifying unit 310.

(1-2-3-2. Key Information Issuance Requesting Unit 302)

The key information issuance requesting unit 302 generates an eKeyissuance request corresponding to the eKey ID, in a case where receivingthe eKey ID from the user terminal 20 b of the guest 2 b.

(1-2-3-3. Transmission Control Unit 304)

The transmission control unit 304 causes the communication unit 320 totransmit various types of information to the user terminal 20. Forexample, the transmission control unit 304 causes the communication unit320 to transmit the eKey issuance request generated by the keyinformation issuance requesting unit 302, to the user terminal 20 a ofthe owner 2 a.

(1-2-3-4. Random Number Generating Unit 306)

The random number generating unit 306 generates a random number, such asa uniform random number within a predetermined range, for example.

(1-2-3-5. Verification Processing Unit 308)

The verification processing unit 308 verifies, by a predeterminedalgorithm, the information generated on the basis of the secret key ofthe user terminal 20, which is received from the user terminal 20. Forexample, the verification processing unit 104 decodes the informationgenerated on the basis of the secret key of the user terminal 20, whichis received from the user terminal 20, on the basis of the public key ofthe user terminal 20 recorded in the database 32 for example.

(1-2-3-7. Verifying Unit 310)

The verifying unit 310 verifies the rightfulness of the user terminal 20on the basis of the result of verification, by the verificationprocessing unit 308, of the information received from the user terminal20. For example, the verifying unit 310 determines that the userterminal 20 is rightful in a case where the verification processing unit308 verifies that the information received from the user terminal 20 isrightful, and determines that the user terminal 20 is not rightful in acase where the verification processing unit 308 verifies that the sameinformation is not rightful.

(1-2-3-8. Communication Unit 320)

The communication unit 320 performs transmission and reception ofinformation with another device connected to the communication network22, for example. For example, the communication unit 320 is controlledby the transmission control unit 304, to transmit the eKey issuancerequest to the relevant user terminal 20 a of the owner 2 a.

(1-2-3-9. Storage Unit 322)

The storage unit 322 stores various types of data and the software. Notethat, as an exemplary variant, the storage unit 322 is also capable ofstoring the database 32.

1-3. Operation

In the above, the configuration according to the first embodiment hasbeen described. Next, the operation according to the first embodimentwill be described in the following order with reference to FIGS. 6 to17.

1. Operation when registering a key into the lock control device 10-1

2. Operation when verifying the key of the owner 2 a

3. Operation when registering an account into the server 30

4. Operation when registering the user terminal 20 into the server 30

5. Operation when authenticating the account by the server 30

6. Operation when inviting the guest 2 b

7. Operation when requesting issuance of an eKey

8. Operation when issuing the eKey

9. Operation when unlocking

10. Operation of the unlocking process

11. Operation when requesting invalidation of an eKey Group

Note that, unless expressly stated otherwise, FIGS. 6 to 17 illustratesan example in which the user terminal 20 a is the user terminal 20 ofthe owner 2 a, and, the user terminal 20 b is the user terminal 20 ofthe guest 2 b.

[1-3-1. Operation when Registering Key into Lock Control Device 10-1]

FIG. 6 is a sequence diagram illustrating the operation when registeringa key into the lock control device 10-1, according to the firstembodiment. Note that this operation is an operation when initiallyregistering information such as the device ID and the public key of theuser terminal 20 a of the owner 2 a, into the lock control device 10-1managed by the owner 2 a. Also, this operation is basically performedonly once by the owner 2 a who manages the lock control device 10-1,with regard to each lock control device 10-1.

As illustrated in FIG. 6, first, the transmission control unit 112 ofthe lock control device 10-1 sends the lock ID which is theidentification information of the lock control device 10-1, to thesurrounding area, on a regular basis (S1001).

Thereafter, when the user terminal 20 a approaches the lock controldevice 10-1, the user terminal 20 a receives the lock ID sent from thelock control device 10-1, and then determines whether or not to be thetarget lock control device 10-1 on the basis of the received lock ID. Ifit is the target lock control device 10-1, the user terminal 20 aestablishes a session with the lock control device 10-1 (S1003).

Subsequently, the transmission control unit 206 of the user terminal 20a causes the communication unit 220 to transmit the device ID of theuser terminal 20 a and the RSA public key of the user terminal 20 a tothe lock control device 10-1 (S1005).

Thereafter, the control unit 100-1 of the lock control device 10-1confirms whether or not the device ID received in S1005 has beenrecorded in the registration key DB 136 (S1007). If the device ID hasbeen recorded in the registration key DB 136 (S1007: Yes), the lockcontrol device 10-1 performs the operation of S1019 described later.

On the other hand, if the device ID is not recorded in the registrationkey DB 136 (S1007: No), the random number generating unit 110 generatesa random number. Then, the transmission control unit 112 causes thecommunication unit 130 to transmit the generated random number to theuser terminal 20 a (S1009).

Thereafter, the cipher generating unit 202 of the user terminal 20 agenerates the RSA signature data by encrypting the random numberreceived in S1009 with the RSA secret key of the user terminal 20 a(S1011).

Subsequently, the transmission control unit 206 causes the communicationunit 220 to transmit the RSA signature data generated in S1011 to thelock control device 10-1 (S1013).

Thereafter, the verification processing unit 104 of the lock controldevice 10-1 decodes the RSA signature data received in S1013, using theRSA public key received in S1005 (S1015).

Subsequently, the determination unit 106 compares the informationdecoded in S1015 and the random number generated in S1009 (S1017). Ifthe both are not identical with each other (S1017: No), thedetermination unit 106 sets “NG” to Result (=registration result),(S1019). Thereafter, the lock control device 10-1 performs the operationof S1025, which is described later.

On the other hand, if the both are identical with each other (S1017:Yes), the determination unit 106 sets “OK” to the Result (S1021). Then,the determination unit 106 records the device ID received in S1005 andthe RSA public key in association with each other, in the registrationkey DB 136 (S1023).

Thereafter, the transmission control unit 112 causes the communicationunit 130 to transmit the Result set in S1019 or S1021 to the userterminal 20 a (S1025).

[1-3-2. Operation when Verifying Key of Owner 2 a]

Next, with reference to FIG. 7, the operation when verifying the key ofthe owner 2 a according to the first embodiment will be described. Notethat this operation is performed by the lock control device 10-1 toverify whether or not the user terminal 20 of the communication targetis the user terminal 20 a of the owner 2 a. For example, this operationis performed when the user terminal 20 requests a process authorizedonly to the owner 2 a, such as a deletion request of the data registeredin the lock control device 10-1.

The operation of S1101 to S1105 illustrated in FIG. 7 is substantiallysimilar to the operation of S1001 to S1005 illustrated in FIG. 6. Notethat S1103 is different from S1003 in that the user terminal 20 aestablishes a session with the lock control device 10-1 in a case wherethe lock ID received in S1101 is the lock ID of the lock control device10-1 that has registered the public key.

After S1105, the control unit 100-1 of the lock control device 10-1confirms whether or not the device ID received in S1105 has beenrecorded in the registration key DB 136 (S1107). If the device ID is notrecorded in the registration key DB 136 (S1107: No), the lock controldevice 10-1 performs the operation of S1119 described later.

On the other hand, if the device ID has been recorded in theregistration key DB 136 (S1107: Yes), the random number generating unit110 generates a random number. Then, the transmission control unit 112causes the communication unit 130 to transmit the generated randomnumber to the user terminal 20 a (S1109).

Note that the operation of S1111 to S1115 is substantially similar tothe operation of S1011 to S1015 illustrated in FIG. 6.

After S1115, the determination unit 106 compares the information decodedin S1115 and the random number generated in S1109 (S1117). If the bothare not identical with each other (S1117: No), the determination unit106 sets “NG” to Result (=verification result), and then does notauthenticate the user terminal 20 a (S1119). Thereafter, the lockcontrol device 10-1 performs the operation of S1123 described later.

On the other hand, if the both are identical with each other (S1117:Yes), the determination unit 106 sets “OK” to the Result, and thenauthenticates the user terminal 20 a (S1121).

Thereafter, the transmission control unit 112 causes the communicationunit 130 to transmit the Result set in S1119 or S1121 to the userterminal 20 a (S1123).

[1-3-3. Operation when Registering Account into Server 30]

Next, with reference to FIG. 8, the operation when registering theaccount into the server 30 according to the first embodiment will bedescribed. Note that, for example, this operation is performed when theuser 2 registers the account into the server 30 to utilize the keyauthentication service. Here, the user 2 may be the owner 2 a, or may bethe guest 2 b (who has received an invitation e-mail described insection 1-3-6).

As illustrated in FIG. 8, first, the user terminal 20 accesses to theserver 30. Then, the operation display unit 222 of the user terminal 20displays an account registration screen image received from the server30 for example, and then accepts input of a user name and an e-mailaddress, and selection of an icon image (used in individualidentification, for example) from the user 2, in the registration screenimage. Thereafter, the transmission control unit 206 causes thecommunication unit 220 to transmit a registration request of theaccount, including input content, to the server 30 (S1201).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 the request toconfirm whether or not the same e-mail address as the e-mail addressreceived in S1201 is registered (S1203).

Thereafter, the database 32 performs confirmation on the basis of therequest received in S1203, and then transmits the confirmation result tothe server 30 (S1205).

Thereafter, if it is confirmed that the same e-mail address isregistered (S1207: Yes), the transmission control unit 304 of the server30 causes the communication unit 320 to transmit to the user terminal 20a notification of disapproved registration of the relevant account(S1209). Then, the “operation when registering the account into theserver 30” ends.

On the other hand, if it is confirmed that the same e-mail address isnot registered (S1207: No), the transmission control unit 304 causes thecommunication unit 320 to transmit to the database 32 a save request ofthe icon image received in S1201 (S1211).

Thereafter, the database 32 decides the URL of the save destination ofthe icon image received in S1211. Then, the database 32 stores thereceived icon image and the decided URL in association with each other(S1213). Then, the database 32 transmits the URL decided in S1213 to theserver 30 (S1215).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a creationrequest of the account, which includes the user name and the e-mailaddress received in S1201 and the icon URL received in S1215 (S1217).

Thereafter, the database 32 decides the web ID corresponding to therelevant user 2. Then, the database 32 stores the user name, the e-mailaddress, the icon URL included in the creation request received inS1217, and the decided web ID, in association with each other (S1219).

Subsequently, the database 32 transmits the web ID decided in S1219 tothe server 30 (S1221).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the user terminal 20 anotification of the registration completion of the account, whichincludes the web ID received in S1221 (S1223).

[1-3-4. Operation when Registering User Terminal 20 into Server 30]

Next, with reference to FIG. 9, the operation when registering the userterminal 20 into the server 30 according to the first embodiment will bedescribed. Note that this operation is performed when the user 2registers the information of the user terminal 20 in the server 30 toutilize the key authentication service. Also, for example, thisoperation is performed immediately after the “operation when registeringthe account into the server 30” described in section 1-3-3. Although, inthe following, an exemplary operation performed when registering theinformation of the user terminal 20 b of the guest 2 b will bedescribed, the operation performed when registering the information ofthe user terminal 20 a of the owner 2 a is substantially similar.

As illustrated in FIG. 9, first, the user terminal 20 b accesses to theserver 30. Then, the user terminal 20 b transmits to the server 30 aregistration request of the device, which includes the device ID of theuser terminal 20 b, the user web ID (that has been issued from theserver 30), the RSA public key of the user terminal 20 b, and the devicename of the user terminal 20 b (S1301).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a request toconfirm whether or not the same device ID as the device ID received inS1301 has been registered (S1303).

Thereafter, the database 32 performs confirmation on the basis of therequest received in S1303, and then transmits the confirmation result tothe server 30 (S1305).

Thereafter, if it is confirmed that the same device ID is registered(S1307: Yes), the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the user terminal 20 b anotification of disapproved registration of the relevant user terminal20 b (S1309).

On the other hand, if it is confirmed that the same device ID is notregistered (S1307: No), the transmission control unit 304 of the server30 causes the communication unit 320 to transmit to the database 32 arequest to confirm whether or not device registration has been performedby the same user 2 b (i.e., the user 2 b having the same user web ID)(S1311).

Thereafter, the database 32 performs confirmation on the basis of therequest received in S1311, and then transmits the confirmation result tothe server 30 (S1313).

Thereafter, if it is confirmed that another device is not registered bythe same user 2 b (S1315: No), the server 30 performs the operation ofS1325 described later.

On the other hand, if it is confirmed that another device is registeredby the same user 2 b (S1315: Yes), the transmission control unit 304 ofthe server 30 causes the communication unit 320 to transmit to the userterminal 20 a of the owner 2 a a request to approve registration of thenew device, which includes the device ID and the device name received inS1301 (S1317).

Thereafter, for example, the display control unit 210 of the userterminal 20 a causes the operation display unit 222 to display a deviceregistration approval screen image for inputting whether or not toapprove in response to the approval request received in S1317. Then, thetransmission control unit 206 generates a notification of whether or notto the registration of the device is approved, which includes the deviceID received in S1317, on the basis of the input of the owner 2 a to theoperation display unit 222, and then causes the communication unit 220to transmit the generated notification to the server 30 (S1319).

Thereafter, the control unit 300 of the server 30 confirms the contentof the notification received in S1319 (S1321). If the content of thereceived notification indicates to reject the registration of the device(S1321: No), the transmission control unit 304 causes the communicationunit 320 to transmit the notification of the disapproved registration ofthe relevant user terminal 20 b, to the user terminal 20 b (S1323).

On the other hand, if the content of the received notification indicatesto approve the registration of the device (S1321: Yes), the transmissioncontrol unit 304 causes the communication unit 320 to transmit thedevice registration request to the database 32, on the basis of theregistration request received in S1301 (S1325).

Thereafter, the database 32 stores the device ID, the user web ID, theRSA public key, and the device name, which are included in the deviceregistration request received in S1325, in association with each other(S1327).

[1-3-5. Operation when Authenticating Account By Server 30]

Next, with reference to FIG. 10, the operation when authenticating anaccount by the server 30 according to the first embodiment will bedescribed. Note that this operation is performed each time the userterminal 20 logs in to the key authentication service, after the end ofregistration of the account and registration of the user terminal 20 tothe above server 30, for example.

As illustrated in FIG. 10, first, the transmission control unit 206 ofthe user terminal 20 causes the communication unit 220 to transmit tothe server 30 a challenge acquisition request which includes the deviceID of the user terminal 20 (S1401).

Thereafter, the random number generating unit 306 of the server 30generates a challenge which is a uniform random number, for example(S1403). Then, the transmission control unit 304 causes thecommunication unit 320 to transmit the challenge generated in S1403 tothe user terminal 20 (S1405).

Thereafter, the cipher generating unit 202 of the user terminal 20generates RSA signature data by encrypting the challenge received inS1405 with the RSA secret key of the user terminal 20, (S1407).

Subsequently, the transmission control unit 206 causes the communicationunit 220 to transmit the RSA signature data generated in S1407 to theserver 30 (S1409).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a request toacquire the RSA public key corresponding to the device ID received inS1401 (S1411).

Thereafter, the database 32 extracts the RSA public key corresponding tothe device ID included in the acquisition request received in S1411, andthen transmits the extracted RSA public key to the server 30 (S1413).

Thereafter, the verification processing unit 308 of the server 30decodes the RSA signature data received in S1409, using the RSA publickey received in S1413 (S1415).

Subsequently, the verifying unit 310 compares the information decoded inS1415 and the challenge generated in S1403 (S1417). If the both are notidentical with each other (S1417: No), the verifying unit 310 sets “NG”to Result (=authentication result), and then does not authenticate theuser terminal 20 (S1419). Thereafter, the server 30 performs theoperation of S1423 described later.

On the other hand, if the both are identical with each other (S1417:Yes), the verifying unit 310 sets “OK” to the Result, and thenauthenticates the user terminal 20 (S1421).

Thereafter, the transmission control unit 304 causes the communicationunit 320 to transmit the Result set in S1419 or S1421 to the userterminal 20 (S1423).

[1-3-6. Operation when Inviting Guest 2 b]

Next, with reference to FIG. 11, the operation when inviting the guest 2b according to the first embodiment will be described. Note that, forexample, this operation is performed to give the unlocking right to theguest 2 b whom the owner 2 a approves to give the unlocking right of thelock control device 10-1.

As illustrated in FIG. 11, first, the key information issuing unit 204of the user terminal 20 a generates an eKey Group ID associated with aspecific lock control device 10-1, on the basis of the input of theowner 2 a into the operation display unit 222, for example (S1501). Notethat, here, the effectiveness expiration date of the eKey Groupcorresponding to the relevant eKey Group ID, and the value of theeffectiveness confirmation flag are also set. Although the detail willbe described later, the effectiveness confirmation flag is a flag forsetting whether or not the lock control device 10-1 is to inquire of theserver 30 as to the effectiveness of the eKey received from the userterminal 20 at the time of the unlocking request by the lock controldevice 10-1.

Subsequently, the transmission control unit 206 causes the communicationunit 220 to transmit to the server 30 a registration request of the eKeyGroup, which includes the eKey Group ID generated in S1501, the lockcontrol device ID corresponding to the eKey Group ID, the web ID of theowner 2 a, the effectiveness expiration date set in S1501, and theeffectiveness confirmation flag, (S1503).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a request toconfirm whether or not the same eKey Group ID as the eKey Group IDincluded in the registration request received in S1503 has beenregistered (S1505).

Thereafter, the database 32 performs confirmation on the basis of therequest received in S1505, and then transmits the confirmation result tothe server 30 (S1507).

Thereafter, if it is confirmed that the same eKey Group ID is registered(S1509: Yes), the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the user terminal 20 a anotification of disapproved registration of the eKey Group (S1511).Then, the “operation when inviting the guest 2 b” ends.

On the other hand, if it is confirmed that the same eKey Group ID is notregistered (S1509: No), the transmission control unit 304 of the server30 causes the communication unit 320 to transmit to the database 32 theregistration request of the eKey Group, on the basis of the registrationrequest received in S1503 (S1513).

Thereafter, the database 32 stores the eKey Group ID, the lock controldevice ID, the web ID of the owner 2 a, the effectiveness expirationdate, and the effectiveness confirmation flag, which are included in theregistration request received in S1513, in association with each other(S1515).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the user terminal 20 a anotification of the registration completion of the eKey Group (S1517).

Thereafter, the transmission control unit 206 of the user terminal 20 acauses the communication unit 220 to transmit to the server 30 a requestto acquire the URL for the invitation e-mail (for inviting the guest 2 bto the eKey Group), which includes the relevant eKey Group ID (S1519).

Thereafter, the control unit 300 of the server 30 decides the URL forthe invitation e-mail, on the basis of the acquisition request receivedin S1519. Note that this URL is the link information to a predeterminedlink destination in the server 30, for example.

Then, the transmission control unit 304 causes the communication unit320 to transmit the decided URL to the user terminal 20 a (S1521).

Thereafter, the invitation e-mail generating unit 208 of the userterminal 20 a generates the invitation e-mail including the URL receivedin S1521 (S1523). Then, the transmission control unit 206 causes thecommunication unit 220 to transmit the invitation e-mail generated inS1523 to the server 30 (S1525).

Thereafter, the process substantially similar to the “operation whenregistering the account into the server 30” described in section 1-3-3is executed between the user terminal 20 b, the server 30, and thedatabase 32 (S1527).

Thereafter, the “operation when requesting the issuance of the eKey”,which is described later, is performed between the user terminal 20 a,the user terminal 20 b, the server 30, and the database 32 (S1529).

[1-3-7. Operation when Requesting Issuance of eKey]

Next, with reference to FIG. 12, the “operation when requesting theissuance of the eKey” in S1529 will be described in detail. Note that,for example, this operation is performed when the guest 2 b who hasreceived the invitation e-mail from the owner 2 a requests the issuanceof the eKey to the owner 2 a via the server 30.

As illustrated in FIG. 12, first, the user terminal 20 b accesses to theURL described in the invitation e-mail received in S1525 illustrated inFIG. 11 (S1551). Thereby, the user terminal 20 b can access to apredetermined link destination in the server 30.

Subsequently, the transmission control unit 206 of the user terminal 20b causes the communication unit 220 to transmit to the server 30 an eKeyissuance request, which includes the eKey Group ID described in theinvitation e-mail received in S1525 and the device ID of the userterminal 20 b (S1553).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a request toacquire the web ID of the owner 2 a on the basis of the eKey issuancerequest received in S1553 (S1555).

Thereafter, the database 32 extracts the web ID of the owner 2 acorresponding to the eKey Group ID included in the received acquisitionrequest, and then transmits the extracted web ID to the server 30(S1557).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a request toacquire the device name and the user name, on the basis of the eKeyissuance request received in S1553 (S1559).

Thereafter, the database 32 extracts the device name and the user namecorresponding to the device ID included in the acquisition requestreceived in S1559, and then transmits the extracted device name and username to the server 30 (S1561).

Thereafter, the transmission control unit 304 of the server 30push-notifies the user terminal 20 a corresponding to the web IDreceived in S1557, of the eKey issuance request which includes the eKeyGroup ID and the device ID included in the eKey issuance requestreceived in S1553, and the device name and the user name received inS1561 (S1563).

Thereafter, the display control unit 210 of the user terminal 20 acauses the operation display unit 222 to display the eKey issuanceapproval screen image for example, on the basis of the issuance requestnotified in S1563. Then, if the owner 2 a inputs disapproval into theoperation display unit 222 (S1565: No), the user terminal 20 a ends theprocess. Then, the “operation when requesting the issuance of the eKey”ends.

On the other hand, if the owner 2 a inputs approval (S1565: Yes), thekey information issuing unit 204 of the user terminal 20 a generates aneKey ID which is a universally unique identifier (UU ID), for example(S1567).

Thereafter, the transmission control unit 206 of the user terminal 20 acauses the communication unit 220 to transmit to the server 30 a requestto acquire the RSA public key corresponding to the device ID notified inS1563 (S1569).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a request toacquire the RSA public key, on the basis of the acquisition requestreceived in S1569 (S1571).

Thereafter, the database 32 extracts the RSA public key corresponding tothe device ID included in the received acquisition request, and thentransmits the extracted RSA public key to the server 30 (S1573).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit the RSA public key received inS1573 to the user terminal 20 a (S1575).

Thereafter, the cipher generating unit 202 of the user terminal 20 agenerates a certificate of the received RSA public key, by creating adigital signature using the RSA secret key of the user terminal 20 awith respect to the RSA public key received in S1575 (i.e., the RSApublic key of the guest 2 b), (S1577).

Thereafter, the “operation when issuing an eKey” described later isperformed between the user terminal 20 a, the user terminal 20 b, theserver 30, and the database 32, (S1579).

[1-3-8. Operation when Issuing eKey]

Next, with reference to FIG. 13, the “operation when issuing an eKey” inS1579 will be described in detail. Note that, for example, thisoperation is performed when the user terminal 20 a of the owner 2 aissues the eKey of the user terminal 20 b of the guest 2 b, and thendelivers the eKey to the user terminal 20 b via the server 30.

As illustrated in FIG. 13, first, the key information issuing unit 204of the user terminal 20 a issues an eKey including the eKey ID generatedin S1567 illustrated in FIG. 12, the device ID of the user terminal 20a, and the certificate of the RSA public key generated in S1577, forexample (S1601). Then, the transmission control unit 206 causes thecommunication unit 220 to transmit the eKey and the eKey ID issued inS1601 to the server 30 (S1603).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit the eKey ID and the eKey receivedin S1603 to the database 32 (S1605).

Thereafter, the database 32 stores the eKey ID and the eKey received inS1605 in association with each other (S1607).

Thereafter, the transmission control unit 304 of the server 30push-notifies to the user terminal 20 b the issuance of the eKeynotification including the eKey ID received in S1603 (S1609).

Thereafter, the transmission control unit 206 of the user terminal 20 bcauses the communication unit 220 to transmit to the server 30 a requestto acquire the eKey corresponding to the eKey ID notified in S1609, onthe basis of the input of the guest 2 b into the operation display unit222, for example (S1611).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a request toacquire the eKey, on the basis of the acquisition request received inS1611 (S1613).

Thereafter, the database 32 extracts the eKey corresponding to the eKeyID included in the acquisition request received in S1613, and thentransmits the extracted eKey to the server 30 (S1615).

Thereafter, the transmission control unit 304 of the server 30push-notifies to the user terminal 20 a (of the owner 2 a) anotification of the acquisition completion of the eKey including theeKey ID received in S1603 (S1617).

Subsequently, the transmission control unit 304 causes the communicationunit 320 to transmit the eKey received in S1615 to the user terminal 20b (S1619).

Thereafter, the transmission control unit 206 of the user terminal 20 bcauses the communication unit 220 to transmit to the server 30 a requestto acquire the effectiveness confirmation flag of the eKey including therelevant eKey ID, on the basis of the input of the user into theoperation display unit 222, for example (S1621).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a request toacquire the effectiveness confirmation flag, on the basis of theacquisition request received in S1621 (S1623).

Thereafter, the database 32 extracts the effectiveness confirmation flagcorresponding to the eKey ID included in the acquisition requestreceived in S1623, and then transmits the extracted effectivenessconfirmation flag to the server 30 (S1625).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit the effectiveness confirmationflag received in S1625 to the user terminal 20 b (S1627).

[1-3-9. Operation when Unlocking]

Next, with reference to FIG. 14, the operation when unlocking accordingto the first embodiment will be described. Note that, for example, thisoperation is performed when the user terminal 20 that possess the eKeycorresponding to the relevant lock control device 10-1 approaches thelock control device 10-1, and then requests the lock control device 10-1to unlock. Although, in the following, an exemplary operation performedwhen the user terminal 20 b of the guest 2 b requests unlocking will bedescribed, the operation performed when the user terminal 20 a of theowner 2 a requests unlocking is substantially similar.

As illustrated in FIG. 14, first, the user terminal 20 b confirmswhether or not the value of the effectiveness confirmation flag receivedin S1627 illustrated in FIG. 13 is “ON” (S1701). If the value of theeffectiveness confirmation flag is not “ON” (S1701: No), the userterminal 20 b performs the operation of S1713 described later.

On the other hand, if the value of the effectiveness confirmation flagis “ON” (S1701: Yes), the transmission control unit 206 of the userterminal 20 b causes the communication unit 220 to transmit to theserver 30 a request to confirm the effectiveness of the eKey, whichincludes the relevant eKey ID (S1703).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 220 to transmit to the database 32 a request toconfirm the effectiveness of the eKey, on the basis of the confirmationrequest received in S1703 (S1705).

Thereafter, the database 32 extracts the information relevant to theeffectiveness of the eKey corresponding to the eKey ID included in theconfirmation request received in S1705, and then transmits the extractedinformation to the server 30 (S1707).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the user terminal 20 b theconfirmation result of the effectiveness based on the informationreceived in S1707 (S1709).

Thereafter, if the confirmation result received in S1709 indicatesnon-effectiveness of the eKey (S1711: No), the user terminal 20 b endsthe process. Then, the “operation when unlocking” ends.

On the other hand, if the confirmation result received in S1709indicates effectiveness of the eKey (S1711: Yes), the user terminal 20 bperforms the “unlocking process” described later (S1713).

Then, if fails in unlocking in S1713 (S1715: No), the user terminal 20 bends the process. Then, the “operation when unlocking” ends.

On the other hand, if succeeds in the unlocking (S1715: Yes), thetransmission control unit 206 of the user terminal 20 b causes thecommunication unit 220 to transmit to the server 30 a notification ofcarrying out unlocking, which includes the user web ID and the eKey IDof the user terminal 20 b (S1717).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a request toacquire the web ID of the owner 2 a and the user name and the devicename of the guest 2 b, on the basis of the notification of carrying outunlocking received in S1717 (S1719).

Thereafter, the database 32 extracts the web ID of the owner 2 acorresponding to the eKey ID included in the acquisition requestreceived in S1719 and the user name and the device name corresponding tothe user web ID included in the acquisition request, and then transmitsthe extracted information to the server 30 (S1721).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 220 to transmit to the user terminal 20corresponding to the web ID received in S1721 (i.e., the user terminal20 a of the owner 2 a) a notification of carrying out unlocking, whichincludes the eKey ID received in S1717 and the user name and the devicename received in S1721 (S1723).

[1-3-10. Operation of Unlocking Process]

Next, with reference to FIGS. 15 and 16, the “operation of the unlockingprocess” in S1713 will be described in detail. Note that the operationof S1801 to S1803 illustrated in FIG. 15 is similar to the operation ofS1101 to S1103 illustrated in FIG. 7.

After S1803, the transmission control unit 206 of the user terminal 20causes the communication unit 220 to transmit to the lock control device10-1 the device ID of the user terminal 20 and the eKey (received inS1619 illustrated in FIG. 13 for example) (S1805).

Thereafter, the control unit 100-1 of the lock control device 10-1confirms whether or not the device ID received in S1805 has beenrecorded in the registration key DB 136 (S1807). If the device ID is notrecorded in the registration key DB 136 (S1807: No), the lock controldevice 10-1 performs the operation of S1831 described later.

On the other hand, if the device ID is recorded in the registration keyDB 136 (S1807: Yes), the key information verifying unit 102 confirms thevalue of the effective period included in the eKey received in S1805,and then determines whether or not the present moment is within theeffective period of the eKey (S1809). If not within the effective periodof the eKey (S1809: No), the lock control device 10-1 performs theoperation of S1831 described later.

On the other hand, if within the effective period of the eKey (S1809:Yes), the verification processing unit 104 decodes the RSA certificateof the public key of the user 2 b which is included in the relevanteKey, using the RSA public key of the user terminal 20 a of the owner 2a which is recorded in the registration key DB 136 (S1811).

Then, the key information verifying unit 102 determines whether or notthe RSA public key of the user 2 b is rightful, on the basis of thecertificate decoded in S1811 (S1813). If it is determined that the RSApublic key of the user 2 b is not rightful (S1813: No), the lock controldevice 10-1 performs the operation of S1831 described later.

On the other hand, if it is determined that the RSA public key of theuser 2 b is rightful (S1813: Yes), the random number generating unit 110generates a random number. Then, the transmission control unit 112causes the communication unit 130 to transmit the generated randomnumber to the user terminal 20 (S1821).

Next, with reference to FIG. 16, the operation after S1821 will bedescribed. Note that the operation of S1823 to S1827 is similar to S1011to S1015 illustrated in FIG. 6.

After S1827, the determination unit 106 of the lock control device 10-1compares the information decoded in S1827 and the random numbergenerated in S1821 (S1829). If the both are not identical with eachother (S1829: No), the determination unit 106 decides not to unlock(S1831). Thereafter, the lock control device 10-1 performs the operationof S1835 described later.

On the other hand, if the both are identical with each other (S1829:Yes), the determination unit 106 decides to unlock. Then, the lockingcontrol unit 108 causes the locking unit 132 to unlock (S1833).

Thereafter, the transmission control unit 112 causes the communicationunit 130 to transmit to the user terminal 20 the execution result ofS1831 or S1833 (S1835).

(1-3-10-1. Exemplary Variant)

Note that, in an exemplary variant of S1833, the determination unit 106may record the RSA public key and the header 400 included in the eKeyreceived in S1805 in association with each other in the registration keyDB 136, in a case where the user terminal 20 is the user terminal 20 ofthe guest 2 b, and, this user terminal 20 unlocks for the first time.According to this exemplary variant, the process such as transmission ofthe eKey and verification of the eKey can be omitted in S1805 to S1813for example, at the second or later unlocking request by the relevantuser terminal 20. This makes the process faster.

[1-3-11. Operation when Requesting Invalidation of eKey Group]

Next, with reference to FIG. 17, the operation when requesting theinvalidation of the eKey Group, according to the first embodiment willbe described. Note that this operation is performed in a case where theowner 2 a wishes to invalidate the eKey Group associated with the lockcontrol device 10-1, at the time of the replacement of the lock controldevice 10-1, for example.

As illustrated in FIG. 17, first, the owner 2 a inputs the eKey Group IDand the invalidation registration into an eKey Group invalidationregistration screen image displayed on the operation display unit 222 ofthe user terminal 20 a, for example. Then, the transmission control unit206 of the user terminal 20 a causes the communication unit 220 totransmit to the server 30 an invalidation request of the eKey Groupwhich includes the input eKey Group ID (S1901).

Thereafter, the transmission control unit 304 of the server 30 recordsin the database 32 the invalidation of the eKey Group corresponding tothe eKey Group ID included in the invalidation request received in S1901(S1903). Thereby, the eKey Group corresponding to the relevant eKeyGroup ID is invalidated.

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit a notification of theinvalidation completion of the eKey Group to the user terminal 20 a(S1905).

1-4. Effect

[1-4-1. Effect 1]

In the above, for example as described with reference to FIG. 2, FIG.15, FIG. 16, and other drawings, the lock control device 10-1 accordingto the first embodiment receives from the user terminal 20 the unlockingrequest and the information generated on the basis of the secret key ofthe user terminal 20, and then determines whether or not to cause thelocking unit 132 to unlock on the basis of the received informationgenerated by the user terminal 20 and the public key of the userterminal 20. Hence, the lock control device 10-1 can authenticate theuser terminal 20 without receiving information of high secrecy from theuser terminal 20, and therefore the safety of authentication is high.

Further, the user terminal 20 is needless to register information ofhigh secrecy into the lock control device 10-1 and the server 30, andtherefore information of high secrecy is prevented from leaking outsideeven when not unlocking.

Also, the lock control device 10-1 verifies the rightfulness of thepublic key of the user terminal 20 b, by verifying, using the public keyof the user terminal 20 a, the signature information of the userterminal 20 a of the owner 2 a, which is included in the eKey receivedfrom the user terminal 20 b. Hence, the lock control device 10-1 canconfirm whether or not the user terminal 20 b of the authenticationtarget is the user terminal 20 of the user 2 having unlocking authority.

[1-4-2. Effect 2]

Also, according to the first embodiment, if only the mail address of theguest 2 b is identified, the user terminal 20 a of the owner 2 a cantransmit the eKey ID, which is an e-mail including an invitation letterof eKey issuance, to the user terminal 20 b of the guest 2 b.

Also, only in a case where the user terminal 20 a approves the approvalrequest received via the server 30 after transmitting the e-mail to theuser terminal 20 b of the guest 2 b, the eKey is delivered to the userterminal 20 b. Hence, the eKey is issued only to the guest 2 b whom theowner 2 a wants to approve.

Note that the eKey ID is just a pointer for having the eKey issued, andthe eKey ID alone does not cause the lock control device 10-1 to unlock.Hence, even if an e-mail including the eKey ID is intercepted by a thirdperson, the unlocking right of the lock control device 10-1 is notstolen.

1-5. Application Example

In the above, the first embodiment has been described. Next, theapplication example of the first embodiment will be described withreference to FIGS. 18 to 20.

[1-5-1. Background]

First, the background that has lead up to creating the presentapplication example will be described. In the above first embodiment,the user 2 who can issue the eKey is only the owner 2 a basically.Hence, for example, when the eKey is issued for a large number of guests2 b, it takes time to issue the eKey for all the users 2 b. Also, theowner 2 a is to perform an approval operation in response to the eKeyissuance request from individual guest 2 b, and therefore the work loadof the owner 2 a is huge.

As described later, according to the present application example, theowner 2 a can register a vice owner 2 c having the authority for issuingthe eKey, from among other users 2.

[1-5-2. System Configuration]

Next, with reference to FIG. 18, the configuration of the informationprocessing system according to the present application example will bedescribed. As illustrated in FIG. 18, the information processing systemaccording to the present application example further includes a userterminal 20 c of the vice owner 2 c, as compared with the systemillustrated in FIG. 1. Here, the vice owner 2 c is the user 2 having theauthority for issuing a conditional eKey. For example, the vice owner 2c is set at a lower rank than the owner 2 a, and, has the authority forissuing the eKey to the user 2 of the lower rank than the rank set atitself. As one example, the vice owner 2 c can issue the eKey to theguest 2 b who does not have the authority for issuing the eKey.

Note that other components are similar to the first embodiment.

[1-5-3. Configuration]

(1-5-3-1. User Terminal 20)

In the above, the configuration of the information processing systemaccording to the present application example has been described. Next,the configuration according to the present application example will bedescribed in detail. The configuration of the user terminal 20 by thepresent application example is substantially similar to theconfiguration illustrated in FIG. 4. In the following, only componentshaving the function different from the above first embodiment will bedescribed.

Cipher Generating Unit 202

In a case where the user terminal 20 is the user terminal 20 of theowner 2 a or the vice owner 2 c, the cipher generating unit 202according to the present application example creates a digital signaturefor the public key of the user terminal 20 b of the user 2 b of eKeyissuance target. For example, in the above case, the cipher generatingunit 202 creates a digital signature by encrypting the public key of thetarget user 2 b, using the secret key of the user terminal 20.

Key Information Issuing Unit 204

Setting of eKey Level

The key information issuing unit 204 according to the presentapplication example issues the eKey additionally including the eKeylevel indicating the rank of the user 2 of eKey issuance target.

FIG. 19 is an explanatory diagram illustrating an exemplaryconfiguration of the eKey (eKey 40-2) according to the presentapplication example. As illustrated in FIG. 19, the eKey 40-2 furtherincludes the eKey level 4008, as compared with the eKey 40-1 illustratedin FIG. 3. Here, the value of the eKey level set to the relevant user 2is recorded in the eKey level 4008.

Note that, the value of the eKey level is set by the user 2 who is theissuer of the eKey (hereinafter, sometimes referred to as eKey issuanceuser 2). For example, the eKey issuance user 2 sets a lower value thanits own eKey level at the eKey level. As one example, the eKey issuanceuser 2 sets an integer within the range of “its own eKey level −1” to“−10” at the eKey level. Here, “−10” is the default value of the eKeylevel, and is the value given to the user 2 who does not have theauthority for issuing the eKey. Also, “0” is set to the eKey level ofthe owner 2 a.

According to this exemplary setting, the user 2 whose eKey level is setto the value of “−1” to “−9” can set a lower value than its own eKeylevel at the eKey level and issue the eKey. That is, the user 2 has theauthority of the vice owner 2 c who can issue the eKey conditionally.

(1-5-3-2. Lock Control Device 10-1, Server 30)

The configuration and the function of the lock control device 10-1 andthe server 30 according to the present application example aresubstantially similar to the above first embodiment.

[1-5-4. Operation]

In the above, the configuration according to the present applicationexample has been described. Next, the operation according to the presentapplication example will be described with reference to FIG. 20. Notethat the operation other than S1501 illustrated in FIG. 11 issubstantially similar to the above first embodiment, and therefore thedescription will be omitted.

As illustrated in FIG. 20, in the present application example, theoperation of S2001 to S2003 is performed, instead of S1501. First, thekey information issuing unit 204 of the user terminal 20 a determineswhether or not the eKey level included in the eKey of the user terminal20 a is equal to or larger than a threshold value of the authority forissuing the eKey, such as “−9” for example (S2001). If the eKey level issmaller than the threshold value (S2001: No), the user terminal 20 adetermines that there is no authority for issuing the eKey (S2005).Then, the “operation when inviting the guest 2 b” ends.

On the other hand, if the eKey level is equal to or larger than thethreshold value (S2001: Yes), the key information issuing unit 204generates the eKey Group ID in association with the eKey level of theterminal itself for example (S2003). Thereafter, the user terminal 20 aperforms the operation at or after S1503 illustrated in FIG. 11.

[1-5-5. Effect]

In the above, as described with reference to FIGS. 18 to 20, the userterminal 20 according to the present application example issues the eKeyadditionally including the eKey level indicating the rank of the user 2of eKey issuance target. Then, the eKey level is set to a lower valuethan the eKey level of the eKey issuance user 2.

Hence, the user 2 other than the owner 2 a is also capable of issuingthe eKey whose eKey level is set to a lower value than its own eKeylevel, in a case where the eKey level set for itself is equal to orlarger than the threshold value, so as to have the authority of the viceowner 2 c. Then, the owner 2 a can select the vice owner 2 c tocommission the vice owner 2 c to issue the eKey to the guest 2 b forexample, reducing the work load of the owner 2 a.

For example, according to the present application example, theproprietor (the owner 2 a) of the apartment building sets the realestate management company as the vice owner 2 c for example, and thencommissions the real estate management company to issue the eKey to theguest 2 b such as tenants of each room of the apartment building,maintenance workers, the intermediate agent, etc. Hence, the work loadof the proprietor of the apartment building is reduced significantly.

[1-5-6. Exemplary Variant]

Although, in the above application example, an example using the eKeylevel has been described as the method for setting the vice owner 2 c,the present disclosure is not limited to such an example. As anexemplary variant, a method in which the flag indicating the presence orabsence of the authority of the vice owner 2 c is set in the eKey or thepublic key of the user 2 may be used.

2. Second Embodiment 2-1. Background

In the above, the first embodiment has been described. Next, the secondembodiment will be described.

First, the background that has lead up to creating the second embodimentwill be described. In the above first embodiment, authentication isperformed using only one authentication algorithm, such as the RSAauthentication algorithm, for example.

In the meantime, in only one authentication algorithm implemented in thelock control device 10-1, there is a risk of being unable to maintainthe confidentiality of the key, due to the reason such as dramaticprogress of the calculation functionality in future for example. Then,there is a risk that the key is decrypted by the third person who doesnot have the rightful authority in order to unlock.

As described later, a lock control device 10-2 according to the secondembodiment is capable of implementing a plurality of types ofauthentication algorithms.

2-2. System Configuration

The system configuration according to the second embodiment is similarto the first embodiment illustrated in FIG. 1 or FIG. 18.

2-3. Configuration

[2-3-1. Lock Control Device 10-2]

Next, the configuration according to the second embodiment will bedescribed in detail. FIG. 21 is a functional block diagram illustratingthe configuration of the lock control device 10-2 according to thesecond embodiment. As illustrated in FIG. 21, the lock control device10-2 includes a control unit 100-2, instead of the control unit 100-1,as compared with the lock control device 10-1 illustrated in FIG. 2.Note that, in the following, the description will be omitted withrespect to the functions overlapping the first embodiment.

(2-3-1-1. Control Unit 100-2)

The control unit 100-2 further includes an algorithm switch unit 114, ascompared with the control unit 100-1 according to the first embodiment.

(2-3-1-2. Algorithm Switch Unit 114)

In a case where a change request from the first authentication algorithmto the second authentication algorithm is received from the userterminal 20 a of the owner 2 a, the algorithm switch unit 114 switchesthe authentication algorithm to use from the first authenticationalgorithm to the second authentication algorithm. More specifically, ina case where the change request is received from the user terminal 20 a,the algorithm switch unit 114 first stops using the first authenticationalgorithm, and then changes the setting to use the second authenticationalgorithm.

Alternatively, the algorithm switch unit 114 may switch, at the time ofthe unlocking request, the authentication algorithm to use from thefirst authentication algorithm to the second authentication algorithm,in a case where the information generated on the basis of the secondauthentication algorithm is received from the user terminal 20 forexample.

Here, the first authentication algorithm takes a short time forprocessing, but is an algorithm having the risk of being unable tomaintain the confidentiality of the key if the calculation functionalityis improved significantly. For example, the first authenticationalgorithm is RSA, DSA, or ECDSA. Also, the second authenticationalgorithm takes a long time for processing, but is an algorithm having alarge possibility of being able to maintain the confidentiality of thekey even if the calculation functionality is improved significantly. Forexample, the second authentication algorithm is an algorithm consideredto have the resistance to the quantum computer. As one example, thesecond authentication algorithm is the MQ authentication method, thelattice cryptosystem based authentication method, or the cipher basedauthentication method utilizing codes. Note that whether or not tochange from the first authentication algorithm to the secondauthentication algorithm is determined by the owner 2 a on the basis ofthe current calculation functionality and the technology trend, forexample.

Note that, in the following, an example in which the firstauthentication algorithm is the RSA algorithm, and the secondauthentication algorithm is the MQ algorithm will be described mainly.

(2-3-1-3. Key Information Verifying Unit 102)

In a case where the use of the RSA algorithm is stopped by the algorithmswitch unit 114, the key information verifying unit 102 according to thesecond embodiment determines the rightfulness of the eKey received fromthe user terminal 20, on the basis of the MQ algorithm.

eKey

Here, an exemplary configuration of the eKey (eKey 40-3) according tothe second embodiment will be described with reference to FIG. 22. Asillustrated in FIG. 22, the eKey 40-3 further includes an MQ public key4024 and an HMAC certificate 4026 of the key, as compared with the eKey40-2 (according to the application example of the first embodiment)illustrated in FIG. 19. Here, the MQ public key of the user terminal 20to which the eKey 40-3 is issued is recorded in the MQ public key 4024.Also, the signature information using the HMAC key of the user terminal20 a of the owner 2 a, for the MQ public key of the user terminal 20, isrecorded in the HMAC certificate 4026 of the key.

(2-3-1-4. Verification Processing Unit 104)

In a case where the use of the RSA algorithm is stopped by the algorithmswitch unit 114, the verification processing unit 104 according to thesecond embodiment verifies, by the MQ algorithm, the informationgenerated on the basis of the MQ secret key of the user terminal 20,which is received from the user terminal 20.

(2-3-1-5. Storage Unit 134)

The storage unit 134 according to the second embodiment storesauthentication software based on the RSA algorithm and authenticationsoftware based on the MQ algorithm.

Note that other components included in the lock control device 10-2 aresubstantially similar to the first embodiment.

[2-3-2. User Terminal 20]

Next, the configuration of the user terminal 20 according to the secondembodiment will be described.

(2-3-2-1. Cipher Generating Unit 202)

In a case where instruction information to change from the RSA algorithmto the MQ algorithm is received from the server 30, the ciphergenerating unit 202 according to the second embodiment generates theinformation on the basis of the random number received from the lockcontrol device 10-1 and the MQ secret key, after the reception.

(2-3-2-2. Transmission Control Unit 206)

In a case where the user terminal 20 is the user terminal 20 of theowner 2 a for example, the transmission control unit 206 according tothe second embodiment causes the communication unit 220 to transmit tothe server 30 a change request from the RSA algorithm to the MQalgorithm, on the basis of the input of the user 2 into the operationdisplay unit 222.

Note that other components included in the user terminal 20 aresubstantially similar to the first embodiment.

[2-3-3. Server 30]

Next, the configuration of the server 30 according to the secondembodiment will be described.

(2-3-3-1. Verification Processing Unit 308)

In a case where the change request from the RSA algorithm to the MQalgorithm is received from the user terminal 20, the verificationprocessing unit 308 according to the second embodiment verifies, by theMQ algorithm, the information generated on the basis of the MQ secretkey of the user terminal 20, which is received from the user terminal20, after the reception.

(2-3-3-4. Transmission Control Unit 304)

In a case where the change request from the RSA algorithm to the MQalgorithm is received from the user terminal 20 a, the transmissioncontrol unit 304 according to the second embodiment causes thecommunication unit 320 to transmit instruction information to changefrom the RSA algorithm to the MQ algorithm to another user terminal 20b.

(2-3-3-5. Storage Unit 322)

The storage unit 322 according to the second embodiment storesauthentication software based on the RSA algorithm and authenticationsoftware based on the MQ algorithm.

Note that other components included in the server 30 are substantiallysimilar to the first embodiment.

2-4. Operation

In the above, the configuration according to the second embodiment hasbeen described. Next, the operation according to the second embodimentwill be described in the following order with reference to FIGS. 23 to30. Note that other types of operations are similar to the firstembodiment, and therefore their description will be omitted.

1. Operation when registering a key into the lock control device 10-2

2. Operation of an MQ response data verifying process

3. Operation when verifying the key of the owner 2 a

4. Operation when requesting the change of algorithm

5. Operation when authenticating an account by the server 30

Note that, unless expressly stated otherwise, FIGS. 23 to 30 illustratesan example in which the user terminal 20 a is the user terminal 20 ofthe owner 2 a, and the user terminal 20 b is the user terminal 20 of theguest 2 b.

[2-4-1. Operation when Registering Key into Lock Control Device 10-2]

FIG. 23 is a sequence diagram illustrating a part of the operation whenregistering the key into the lock control device 10-2, according to thesecond embodiment. Note that this operation is an alternative operationto the operation according to the first embodiment (illustrated in FIG.6). Also, here, an exemplary operation when initially registeringinformation such as the device ID of the user terminal 20 a of the owner2 a and two types of public keys (i.e., the RSA public key and the MQpublic key), into the lock control device 10-2 managed by the owner 2 awill be described. Also, this operation is basically performed only onceby the owner 2 a who manages the lock control device 10-2 with regard toeach lock control device 10-2.

Note that the operation of S3001 to S3003 illustrated in FIG. 23 issimilar to S1001 to S1003 illustrated in FIG. 6.

After S3003, the cipher generating unit 202 of the user terminal 20 agenerates a commitment on the basis of the MQ algorithm, (S3005).

Subsequently, the transmission control unit 206 causes the communicationunit 220 to transmit to the lock control device 10-2 the device ID ofthe user terminal 20 a, the commitment generated in S3005, the HMAC keyof the user terminal 20 a, the MQ public key of the user terminal 20 a,and the RSA public key of the user terminal 20 a (S3007).

Note that the operation of S3009 to S3017 illustrated in FIG. 23 issubstantially similar to S1007 to S1015 illustrated in FIG. 6.

After S3017, the determination unit 106 of the lock control device 10-2compares the information decoded in S3017 and the random numbergenerated in S3011 (S3019). In a case where the both are not identicalwith each other (S3019: No), the determination unit 106 performs theoperation of S3045 described later.

Here, the operation in a case where the both are identical with eachother in S3019 (S3019: Yes) will be described with reference to FIG. 24.

As illustrated in FIG. 24, first, the cipher generating unit 202 of theuser terminal 20 a generates N pieces of MQ response data [i] (i=1 to N)for example, on the basis of the random number received in S3011 and theMQ secret key of the user terminal 20 a (S3031). Note that, here, anexample in which the cipher generating unit 202 generates data dividedinto N pieces, due to a reason such as large data size of the MQresponse data for example, will be described. However, the ciphergenerating unit 202 is not limited to such an example, but may generateonly one piece of the MQ response data.

Subsequently, the transmission control unit 206 causes the communicationunit 220 to transmit N pieces of the MQ response data [i] (i=1 to N)generated in S3031, to the lock control device 10-2 (S3033 to S3039).

Thereafter, the lock control device 10-2 executes the “MQ response dataverifying process” described later (S3041).

Thereafter, if it is verified that the MQ response data is not rightful(S3043: No), the determination unit 106 sets “NG” to Result(=registration result) (S3045). Thereafter, the lock control device 10-2performs the operation of S3051 described later.

On the other hand, if it is verified that the MQ response data isrightful (S3043: Yes), the determination unit 106 sets “OK” to theResult, (S3047). Then, the determination unit 106 records the device ID,the HMAC key, the MQ public key, and the RSA public key received inS3007 in association with each other, in the registration key DB 136(S3049).

Thereafter, the transmission control unit 112 causes the communicationunit 130 to transmit the Result set in S3045 or S3047 to the userterminal 20 a (S3051).

[2-4-2. Operation of MQ Response Data Verifying Process]

Next, with reference to FIG. 25, the “operation of the MQ response dataverifying process” in S3041 will be described in detail.

As illustrated in FIG. 25, first, the verification processing unit 104of the lock control device 10-2 estimates State [0] by the MQ algorithm,on the basis of the MQ public key and the commitment received in S3007illustrated in FIG. 23, and the random number generated in S3011illustrated in FIG. 23 (S3101).

Thereafter, the verification processing unit 104 repeats estimatingState [i] by the MQ algorithm, from i=1 to i=N, on the basis of theestimated State [i−1] and the MQ response data [i] received in S3035(S3103 to S3109).

Thereafter, the determination unit 106 verifies whether or not theestimated State [N] is a rightful value (S3111). If the State [N] is nota rightful value (S3111: No), the determination unit 106 determines thatthe MQ response data received from the user terminal 20 a is notrightful (S3113).

On the other hand, if the State [N] is a rightful value (S3111: Yes),the determination unit 106 determines that the received MQ response datais rightful (S3115).

[2-4-3. Operation when Verifying Key of Owner 2 a]

Next, the operation when verifying the key of the owner 2 a according tothe second embodiment will be described. Note that, this operation is analternative operation to the operation according to the first embodiment(illustrated in FIG. 7). Also, this operation includes two types ofoperations, which are the verification operation using the RSA algorithmand the verification operation using the MQ algorithm, and these twotypes of operations are executed consecutively, for example. Of these,the verification operation using the RSA algorithm is similar to theoperation according to the first embodiment, and therefore thedescription will be omitted. In the following, the verificationoperation using the MQ algorithm will be described with reference toFIG. 26.

Note that the operation of S3201 to S3203 illustrated in FIG. 26 issimilar to S1101 to S1103 illustrated in FIG. 7. Also, the operation ofS3205 is similar to S3005 illustrated in FIG. 23.

After S3205, the transmission control unit 206 of the user terminal 20 acauses the communication unit 220 to transmit to the lock control device10-2 the device ID of the user terminal 20 a, the commitment generatedin S3205, and the MQ public key of the user terminal 20 a (S3207).

Note that the operation of S3209 to S3211 is similar to S1107 to S1109illustrated in FIG. 7. Also, the operation of S3213 to S3223 is similarto S3031 to S3041 illustrated in FIG. 24.

After S3223, if it is verified that the MQ response data is not rightful(S3225: No), the determination unit 106 of the lock control device 10-2sets “NG” to Result (=verification result) (S3227). Thereafter, the lockcontrol device 10-2 performs the operation of S3231 described later.

On the other hand, if it is verified that the MQ response data isrightful (S3225: Yes), the determination unit 106 sets “OK” to theResult (S3229).

Thereafter, the transmission control unit 112 causes the communicationunit 130 to transmit the Result set in S3227 or S3229 to the userterminal 20 a (S3231).

[2-4-4. Operation when Requesting Change of Algorithm]

Next, with reference to FIG. 27, the operation when requesting thechange of algorithm according to the second embodiment will bedescribed. Note that this operation is the operation performed in a casewhere the owner 2 a wishes to change the authentication algorithm usedby the lock control device 10-2 from the RSA algorithm to the MQalgorithm, for example.

As illustrated in FIG. 27, first, the user terminal 20 a logs in to thekey authentication service. Then, the transmission control unit 206 ofthe user terminal 20 a causes the communication unit 220 to transmit tothe server 30 the change request to the MQ algorithm, on the basis ofthe input of the user into the operation display unit 222, for example,(S3301).

Thereafter, the control unit 300 of the server 30 changes the setting ofthe authentication algorithm to use, which is recorded in the storageunit 322 (or the database 32), from the RSA algorithm to the MQalgorithm, and updates the recorded content (S3303). Here, the controlunit 300 may change the authentication algorithm to use, from the RSAalgorithm to the MQ algorithm, with respect to all eKey Groups that havebeen registered. Alternatively, the control unit 300 may change theauthentication algorithm to use, from the RSA algorithm to the MQalgorithm, only with respect to the eKey Group specified in the changerequest received in S3301.

Subsequently, the transmission control unit 304 causes the communicationunit 320 to transmit to the user terminal 20 a a notification of thechange completion of the authentication algorithm (S3305).

Thereafter, the control unit 200 of the user terminal 20 a changes thesetting of the authentication algorithm to use, which is recorded in thestorage unit 224, from the RSA algorithm to the MQ algorithm, andupdates the recorded content of the storage unit 224 (S3307).

Also, the transmission control unit 304 of the server 30 causes thecommunication unit 320 to transmit to another user terminal 20 b aninstruction information to change from the RSA algorithm to the MQalgorithm (S3309).

Thereafter, similarly to S3307, the control unit 200 of the userterminal 20 b changes the setting of the authentication algorithm touse, from the RSA algorithm to the MQ algorithm, and updates therecorded content of the storage unit 224 (S3311).

[2-4-5. Operation when Authenticating Account by Server 30]

Next, the operation when authenticating an account by the server 30according to the second embodiment will be described. Note that thisoperation is an alternative operation to the operation according to thefirst embodiment (illustrated in FIG. 10). Also, this operation includestwo types of operations, which are the authentication operation usingthe RSA algorithm, and the authentication operation using the MQalgorithm. For example, the server 30 performs the authenticationoperation using the RSA algorithm before the change request of thealgorithm, which is described in section 2-4-4, is received from theuser terminal 20 a, and performs the authentication operation using theMQ algorithm after the change request of the algorithm is received. Notethat the authentication operation using the RSA algorithm is similar tothe authentication operation according to the first embodiment, andtherefore the description will be omitted. In the following, theauthentication operation using the MQ algorithm will be described withreference to FIG. 28.

As illustrated in FIG. 28, first, the cipher generating unit 202 of theuser terminal 20 generates a commitment on the basis of the MQ algorithm(S3401).

Subsequently, the transmission control unit 206 causes the communicationunit 220 to transmit to the server 30 a challenge acquisition requestincluding the device ID of the user terminal 20 and the commitmentgenerated in S3401 (S3403).

Note that the operation of S3405 to S3407 is similar to S1403 to S1405illustrated in FIG. 10.

Thereafter, the cipher generating unit 202 of the user terminal 20generates N pieces of the MQ response data [i] (i=1 to N) for example,on the basis of the challenge received in S3407, and the MQ secret keyof the user terminal 20 (S3409).

Subsequently, the transmission control unit 206 causes the communicationunit 220 to transmit N pieces of the MQ response data [i] (i=1 to N)generated in S3409 to the server 30 (S3409 to S3417).

Thereafter, the transmission control unit 304 of the server 30 causesthe communication unit 320 to transmit to the database 32 a request toacquire the MQ public key of the user terminal 20 (S3419).

Thereafter, the database 32 extracts the MQ public key corresponding tothe device ID included in the acquisition request received in S3419, andthen transmits the extracted MQ public key to the server 30 (S3421).

Thereafter, the server 30 performs the “MQ response data verifyingprocess” (S3423). Note that this “MQ response data verifying process” isdifferent from the operation illustrated in FIG. 25 in that theoperation executor is the server 30 instead of the lock control device10-2, but other configuration is substantially similar.

In S3423, if it is verified that the MQ response data is not rightful(S3425: No), the control unit 300 of the server 30 sets “NG” to Result(=authentication result), and then does not authenticate the userterminal 20 (S3427). Thereafter, the server 30 performs the operation ofS3431 described later.

On the other hand, if it is verified that the MQ response data isrightful (S3425: Yes), the control unit 300 sets “OK” to the Result, andthen authenticates the user terminal 20 (S3429).

Thereafter, the transmission control unit 304 causes the communicationunit 130 to transmit the Result set in S3427 or S3429 to the userterminal 20 (S3431).

[2-4-6. Operation of Unlocking Process]

Next, the “operation of the unlocking process” according to the secondembodiment will be described. Note that this operation is an alternativeoperation to the operation according to the first embodiment(illustrated in FIGS. 15 and 16). Also, this operation includes twotypes of operations, which are the unlocking process using the RSAalgorithm and the unlocking process using the MQ algorithm. For example,the unlocking process using the RSA algorithm is executed in a casewhere the lock control device 10-2 uses the RSA algorithm as theauthentication algorithm, and the unlocking process using the MQalgorithm is executed in a case where the lock control device 10-2 usesthe MQ algorithm as the authentication algorithm. Of these, theunlocking process using the RSA algorithm is similar to the operationaccording to the first embodiment, and therefore the description will beomitted. In the following, the unlocking process using the MQ algorithmwill be described with reference to FIGS. 29 to 30.

Note that the operation of S3501 to S3503 illustrated in FIG. 29 issimilar to the operation of S1801 to S1803 illustrated in FIG. 15. Also,the operation of S3505 is substantially similar to S3205 illustrated inFIG. 26. Also, the operation of S3507 to S3511 is similar to S1805 toS1809 illustrated in FIG. 15.

In S3511, if it is confirmed that the eKey received in S3507 is withinthe effective period (S3511: Yes), the verification processing unit 104of the lock control device 10-2 decodes the HMAC certificate of the MQpublic key of the user 2, which is included in the eKey, using the HMACkey of the user terminal 20 a of the owner 2 a, which is recorded in theregistration key DB 136 (S3513).

Then, the determination unit 106 determines whether or not the MQ publickey of the user 2 is rightful, on the basis of the certificate decodedin S3513 (S3515). If it is determined that the MQ public key of the user2 is not rightful (S3515: No), the lock control device 10-2 performs theoperation of S3535 described later.

Here, the operation in a case where it is determined that the MQ publickey of the user 2 is rightful in S3515 (S3515: Yes) will be describedwith reference to FIG. 30.

Note that the operation of S3521 to S3531 illustrated in FIG. 30 issubstantially similar to S3031 to S3041 illustrated in FIG. 24.

After S3531, if it is verified that the MQ response data is not rightful(S3533: No), the determination unit 106 of the lock control device 10-2decides not to unlock (S3535). Thereafter, the lock control device 10-1performs the operation of S3539 described later.

On the other hand, if it is verified that the MQ response data isrightful (S3533: Yes), the determination unit 106 decides to unlock.Then, the locking control unit 108 causes the locking unit 132 to unlock(S3537).

Thereafter, the transmission control unit 112 causes the communicationunit 130 to transmit the execution result of S3535 or S3537 to the userterminal 20 (S3539).

2-5. Effect

[2-5-1. Effect 1]

As described with reference to FIGS. 21 to 30 in the above, the lockcontrol device 10-2 and the server 30 according to the second embodimentimplement two types of authentication algorithms such as the RSAalgorithm and the MQ algorithm, and use the RSA algorithm as theauthentication algorithm in an initial state. In the presentcircumstances, the confidentiality of the key is secured sufficiently bythe RSA algorithm, and therefore the authentication is performed safely.Also, the authentication process is executed in a shorter time, ascompared with the MQ algorithm, for example.

[2-5-2. Effect 2]

Also, in a case where the change request of the authentication algorithmis received from the user terminal 20 a of the owner 2 a, the lockcontrol device 10-2 and the server 30 switch the authenticationalgorithm to use, from the RSA algorithm to the MQ algorithm.

Hence, even if the RSA algorithm becomes unable to maintain theconfidentiality of the key, due to the reason such as dramatic progressof calculation functionality in future, the lock control device 10-2authenticates the user terminal 20 using the MQ algorithm, in order toprevent being unlocked by the third person who does not have therightful authority. That is, according to the second embodiment, theeffect of making the lifetime of the key longer than the firstembodiment is obtained.

3. Third Embodiment 3-1. Background

In the above, the second embodiment has been described. Next, the thirdembodiment will be described. First, the background that has lead up tocreating the third embodiment will be described.

The effective period is set to the eKey as described above, the date andtime information managed in the lock control device 10-1 is to becorrect, to correctly operate the eKey. However, there is a risk of thedate and time information lagging as the usage of the lock controldevice 10-1 goes on, due to the restriction of the lock control device10-1. Thus, the date and time information of the lock control device10-1 is to be corrected occasionally.

In the meantime, if the date and time information of all user terminals20 (having the unlocking right) is set in a correctable manner, there isa risk of being set at incorrect date and time by a malicious user 2.For example, there is a risk that the malicious user 2 manipulates thedate and time information to incorrect date and time, to continue theuse of the eKey whose effective period has expired.

As described later, a lock control device 10-3 according to the thirdembodiment is capable of limiting the user 2 having the authority tochange the date and time information.

3-2. System Configuration

The system configuration according to the third embodiment is similar tothe first embodiment illustrated in FIG. 1 or FIG. 18.

3-3. Configuration

[3-3-1. Lock Control Device 10-3]

Next, the configuration according to the third embodiment will bedescribed in detail. FIG. 31 is a functional block diagram illustratingthe configuration of the lock control device 10-3 according to the thirdembodiment. As illustrated in FIG. 31, the lock control device 10-3includes a control unit 100-3, instead of the control unit 100-1, ascompared with the lock control device 10-1 illustrated in FIG. 2.

(3-3-1-1. Control Unit 100-3)

The control unit 100-3 further includes a date and time informationchanging unit 116, as compared with the control unit 100-1 according tothe first embodiment.

(3-3-1-2. Date and Time Information Changing Unit 116)

The date and time information changing unit 116 determines availabilityor unavailability of the change of the date and time information of thelock control device 10-3 by the user terminal 20, on the basis of a timesynchronization availability flag included in the eKey received from theuser terminal 20. For example, the date and time information changingunit 116 authorizes the change of the date and time information of thelock control device 10-3 by the user terminal 20, in a case where thetime synchronization availability flag included in the received eKeyindicates “OK”. Also, the date and time information changing unit 116does not authorize the change of the date and time information of thelock control device 10-3 by the user terminal 20, in a case where thistime synchronization availability flag indicates “NG”. Note that thevalue of the time synchronization availability flag may be set by theeKey issuing user 2 (the owner 2 a or the vice owner 2 c), when issuingthe eKey for example. Alternatively, the value of the timesynchronization availability flag may be set in a single uniform way, insuch a manner that only the owner 2 a is “OK”, and other users 2 b are“NG”, for example.

eKey

Here, an exemplary configuration of the eKey (an eKey 40-4) according tothe third embodiment will be described with reference to FIG. 32. Asillustrated in FIG. 32, the eKey 40-4 further includes a timesynchronization availability flag 4010, as compared with the eKey 40-3(according to the second embodiment) illustrated in FIG. 22. Here, thevalue of the time synchronization availability flag set for the userterminal 20 to which the eKey 40-3 is issued is recorded in the timesynchronization availability flag 4010.

Note that other components included in the lock control device 10-3 aresubstantially similar to the first embodiment. Also, the configurationsof the user terminal 20 and the server 30 are substantially similar tothe first embodiment.

3-4. Operation

In the above, the configuration according to the third embodiment hasbeen described. Next, the operation according to the third embodimentwill be described. Here, the “operation of the unlocking process”according to the third embodiment will be described. This operation isan alternative operation to the operation according to the firstembodiment (illustrated in FIGS. 15 and 16). Note that other types ofoperations are similar to the first embodiment illustrated in FIGS. 6 to14 and FIG. 17, and therefore the description will be omitted.

[3-4-1. Operation of Unlocking Process]

FIG. 33 is a sequence diagram illustrating a part of “operation of theunlocking process” according to the third embodiment. Note that theoperation from S1801 to S1829 illustrated in FIGS. 15 to 16 is similarto the first embodiment, and therefore the description is omittedpartially in FIG. 33. In the following, only the operation after S1829will be described.

In S1829, if the information decoded in S1827 illustrated in FIG. 16 andthe random number generated in S1821 illustrated in FIG. 16 areidentical with each other (S1829: Yes), the determination unit 106 ofthe lock control device 10-3 decides to unlock. Then, the lockingcontrol unit 108 causes the locking unit 132 to unlock (S1833).

Subsequently, the date and time information changing unit 116 determineswhether or not the value of the time synchronization availability flagincluded in the eKey received in S1805 illustrated in FIG. 15 is “OK”(S4001). If the value of the time synchronization availability flag isnot “OK” (S4001: No), the lock control device 10-3 performs theoperation of S4005 described later.

On the other hand, if the value of the time synchronization availabilityflag is “OK” (S4001: Yes), the date and time information changing unit116 synchronizes the date and time information of the lock controldevice 10-3, with the date and time information managed by the userterminal 20 (S4005). Thereby, the date and time information of the lockcontrol device 10-3 is corrected to be the same as the date and timeinformation of the user terminal 20.

Thereafter, the transmission control unit 112 causes the communicationunit 130 to transmit the execution result of S1831 or S1833 to the userterminal 20 (S4005).

3-5. Effect

In the above, as described with reference to FIGS. 31 to 33, the lockcontrol device 10-3 according to the third embodiment determines theavailability or unavailability of the change of the date and timeinformation of the lock control device 10-3 on the basis of the timesynchronization availability flag included in the eKey received from theuser terminal 20, and then authorizes the change of the date and timeinformation of the lock control device 10-3 by the user terminal 20 in acase where the time synchronization availability flag indicates “OK”.

Hence, the date and time information of the lock control device 10-3 canbe prevented from being changed by the user terminal 20 of the user 2 towhom the authority of the time correction is not given. For example, therisk of the date and time information being changed to incorrect dateand time by the malicious user 2 can be decreased

4. Fourth Embodiment 4-1. Background

In the above, the third embodiment has been described. Next, the fourthembodiment will be described. First, the background that has lead up tocreating the fourth embodiment will be described.

[4-1-1. Background 1]

In general, it is desirable that the door is unlockable with smallburden for the user 2 having the unlocking right. In the publicly knowntechnology, as the first method, a technology is proposed in which theuser 2 activates a predetermined application implemented in the carriedterminal, and then performs the unlocking operation in the application.However, in this method, the application is to be activated at eachtrial of unlocking the door, and the work load of the user 2 is large.

Also, as the second method, the method that automatically unlocks, in acase where it is detected that the user 2 having the unlocking right hasapproached the door is proposed. However, in this method, there is arisk of unlocking even in a case where the user 2 is actually at aposition slightly away from the door. As a result, there is a risk ofintrusion into a room by the malicious person.

[4-1-2. Background 2]

Also, another problem is described below. In a case where there are aplurality of user terminals 20 having the unlocking right of the samelock control device 10-1, it is envisaged that a situation occurs inwhich a plurality of user terminals 20 approaches the lock controldevice 10-1 and then requests unlocking within a substantially same timeperiod. In this case, there is a risk of occurrence of an event inwhich, while a specific user terminal 20 a performs some sort ofcommunication with the lock control device 10-1, another user terminals20 b is unable to communicate with the lock control device 10-1 so asnot to unlock for a certain amount of time. In particular, thecommunication amount increases in a case where secure communication isperformed between the lock control device 10-1 and the user terminal 20for the unlocking process, and therefore the above problem is likely tooccur.

As a result, there is a risk that the user 2 of another user terminal 20b is forced to wait for a certain amount of time until unlocked, andfeels stress.

As described later, with the lock control device 10-4 according to thefourth embodiment, the user 2 having the unlocking right can unlocksecurely, without operating the application. Also, the time during whichthe user 2 is forced to wait in front of the door at the time of theunlocking operation is shortened.

4-2. System Configuration

First, with reference to FIG. 34, the system configuration according tothe fourth embodiment will be described. As illustrated in FIG. 34, theinformation processing system according to the fourth embodiment furtherincludes a wearable device 50, as compared with the first embodimentillustrated in FIG. 1.

[4-2-1. Wearable Device 50]

The wearable device 50 is a device of a watch type for example, whichthe user 2 can wear on the body. This wearable device 50 includes anacceleration sensor for example, and is capable of measuring theacceleration of the wearable device 50.

Also, the wearable device 50 includes a display unit having a touchpanel, and is capable of displaying a display screen image.

Note that other components are substantially similar to the firstembodiment.

4-3. Configuration

[4-3-1. Lock Control Device 10-4]

In the above, the configuration of the information processing systemaccording to the fourth embodiment has been described. Next, theconfiguration according to the fourth embodiment will be described indetail. FIG. 35 is a functional block diagram illustrating theconfiguration of the lock control device 10-4 according to the fourthembodiment. As illustrated in FIG. 35, the lock control device 10-4according to the fourth embodiment includes a control unit 100-4,instead of the control unit 100-1, as compared with the lock controldevice 10-1 illustrated in FIG. 2. Also, the lock control device 10-4further includes a measurement unit 138.

(4-3-1-1. Control Unit 100-4)

The control unit 100-4 further includes an approach detecting unit 118and a detection unit 120, as compared with the control unit 100-1according to the first embodiment.

(4-3-1-2. Approach Detecting Unit 118)

The approach detecting unit 118 detects the approach of the userterminal 20 to the lock control device 10-4. For example, the approachdetecting unit 118 detects the approach of the user terminal 20, on thebasis of the strength of the radio wave of a predetermined standard,such as Bluetooth, which is received from the user terminal 20. Morespecifically, the approach detecting unit 118 determines that the userterminal 20 approaches the lock control device 10-4, in a case where itis detected that the strength of the received radio wave increasesgradually. Also, the approach detecting unit 118 determines that theuser terminal 20 is going away from the lock control device 10-4, in acase where it is detected that the strength of the received radio wavedecreases gradually.

Alternatively, the approach detecting unit 118 is also capable ofdetecting whether or not the user terminal 20 approaches the lockcontrol device 10-4, on the basis of the position information of theuser terminal 20 received from the user terminal 20, for example. Forexample, the approach detecting unit 118 may detect whether or not theuser terminal 20 approaches the lock control device 10-4, by receivingfrom the user terminal 20 the position information of the user terminal20 identified from the positioning signal received from the positioningsatellite such as the global positioning system (GPS), at predeterminedtime intervals. Alternatively, the approach detecting unit 118 maydetect whether or not the user terminal 20 approaches the lock controldevice 10-4, by receiving from the user terminal 20 the positioninformation of the transmitter transmitted by the transmitter installedindoors, for example.

(4-3-1-2. Detection Unit 120)

The detection unit 120 detects the unlocking request by the user 2 ofthe user terminal 20, in a case where the detection result of thevibration or the ambient sound measured by the measurement unit 138described later satisfies a predetermined condition. For example, thedetection unit 120 detects the unlocking request, in a case where it isdetected that the door is knocked by the user 2, on the basis of themeasurement result of the vibration by the measurement unit 138.Alternatively, the detection unit 120 detects the unlocking request, ina case where a predetermined information is received from the wearabledevice 50 worn by the user 2.

Note that the wearable device 50 may transmit to the lock control device10-4 the above predetermined information, in a case where apredetermined operating state such as shaking repetitively in thevertical direction by the user 2 is detected for example. Alternatively,the wearable device 50 may transmit the above predetermined informationto the lock control device 10-4, in a case where the user has tapped thedisplay screen image.

Also, as an exemplary variant, the detection unit 120 may detect theunlocking request, in a case where the vibration time point measured bythe measurement unit 138 and the vibration time point detected by thewearable device 50, which are received from the wearable device 50, areidentical with each other. Also, the detection unit 120 may detect theunlocking request, in a case where it is detected that the door isknocked by the user 2 the number of knocking times set in advance, onthe basis of the measurement result of the vibration by the measurementunit 138. According to these exemplary variants, since the unlockingrequest can be detected more appropriately, the security can beimproved.

(4-3-1-3. Locking Control Unit 108)

Control Example 1

The locking control unit 108 according to the fourth embodiment executespreprocessing among the processes for unlocking, in a case where theapproach detecting unit 118 detects that the user terminal 20 approacheswithin a predetermined range from the lock control device 10-4, forexample. Here, the preprocessing is a process that takes a large amountof time among the processes for unlocking. For example, thepreprocessing is the process other than the unlocking among theoperations of the unlocking processes illustrated in FIGS. 15 to 16. Asone example, the preprocessing may be the processes from S1801 to S1821.

Also, in a case where the approach detecting unit 118 further detectsthe approach of another user terminal 20 b while executing thepreprocessing of the user terminal 20 a, the locking control unit 108executes the preprocessing corresponding to the other user terminal 20b, after the end of the preprocessing of the user terminal 20 a.

Control Example 2

Also, in a case where the preprocessing ends, and the detection unit 120detects the unlocking request, the locking control unit 108 executes theunlocking control process among the processes for unlocking. Forexample, in a case where the preprocessing of the user terminal 20 aends, and the unlocking request by the user terminal 20 a is detected bythe detection unit 120 while the locking control unit 108 is executingthe preprocessing corresponding to another user terminal 20 b, first,the locking control unit 108 temporarily halts the preprocessingcorresponding to the other user terminal 20 b. Then, the locking controlunit 108 executes the unlocking control process corresponding to theuser terminal 20 a.

Here, with reference to FIG. 36, the above function will be described inmore detail. FIG. 36 is an explanatory diagram illustrating the flow ofthe process by the locking control unit 108, with respect to the userterminals 20 a to 20 c that have approached the lock control device10-4. As illustrated in FIG. 36, first, it is assumed that the approachdetecting unit 118 has detected at time “t1” that the user terminal 20 ahas approached the lock control device 10-4. In this case, the lockingcontrol unit 108 starts the preprocessing of the user terminal 20 a atthe time “t1”. Note that, as illustrated in FIG. 36, the preprocessingis a process that takes a certain amount of time, such as from the time“t1” to “t4”, for example.

Then, it is assumed that the approach detecting unit 118 has detectedthat the user terminal 20 b has approached to the lock control device10-4, at time “t2”, while the locking control unit 108 is executing thepreprocessing of the user terminal 20 a. In this case, the lockingcontrol unit 108 puts into a queue the identification information suchas the device ID received from the user terminal 20 b for example, andthen causes the user terminal 20 b to wait.

Further, it is assumed that the approach detecting unit 118 has detectedthat the user terminal 20 c has approached to the lock control device10-4 at time “t3”, while continuing the preprocessing of the userterminal 20 a. In this case, the locking control unit 108 puts into thequeue the identification information of the user terminal 20 c, and thencauses the user terminal 20 c to wait, similarly.

Thereafter, it is assumed that the preprocessing of the user terminal 20a ends at the time “t4”. In this case, the locking control unit 108takes out the identification number from the head of the queue, and thenstarts the preprocessing of the user terminal 20 (i.e., the userterminal 20 b) corresponding to the identification number that is takenout.

Thereafter, it is assumed that the detection unit 120 has detected theunlocking request from the user terminal 20 a, at time “t5”, while thelocking control unit 108 is executing the preprocessing of the userterminal 20 b. In this case, the locking control unit 108 temporarilyhalts the preprocessing of the user terminal 20 b, and then starts theunlocking control process of the user terminal 20 a. Then, when theunlocking control process of the user terminal 20 a ends at time “t6”,the locking control unit 108 restarts the halting preprocessing of theuser terminal 20 b.

(4-3-1-4. Measurement Unit 138)

The measurement unit 138 measures various types of information, by anacceleration sensor, a geomagnetic sensor, or a microphone for example,which is included in the lock control device 10-4. For example, themeasurement unit 138 measures acceleration of the lock control device10-4, and ambient sound and the like.

Note that other components included in the lock control device 10-4 aresubstantially similar to the first embodiment. Also, the configurationof the user terminal 20 and the server 30 are substantially similar tothe first embodiment.

4-4. Operation

In the above, the configuration according to the fourth embodiment hasbeen described. Next, the operation according to the fourth embodimentwill be described with reference to FIGS. 37 to 39. Note that, here, theoperation in a situation of unlocking request by the user terminal 20will be described. More specifically, to the lock control device 10-4,an exemplary operation in a case where first the user terminal 20 aapproaches the lock control device 10-4, and thereafter another userterminal 20 b approaches the lock control device 10-4 will be described.

Note that other types of operations are similar to the first embodimentillustrated in FIGS. 6 to 17, and therefore the description will beomitted.

[4-4-1. Overall Operation]

As illustrated in FIG. 37, first, the locking control unit 108 of thelock control device 10-4 waits until the approach detecting unit 118detects the approach of one of the user terminals 20 (S5001).

Then, if the approach detecting unit 118 detects the approach of theuser terminal 20 a (S5001: Yes), the locking control unit 108 starts thepreprocessing of the user terminal 20 a (S5003).

Thereafter, if the approach detecting unit 118 detects the approach ofanother user terminal 20 b during the preprocessing of the user terminal20 a (S5005: Yes), the locking control unit 108 puts the identificationinformation of the detected user terminal 20 b into the queue (S5007).

Then, the locking control unit 108 repeats the process of S5005 toS5007, until the preprocessing of the user terminal 20 a ends.

Here, with reference to FIG. 38, the operation after S5007 will bedescribed. If the preprocessing of the user terminal 20 a ends afterS5007 (S5009: Yes), the locking control unit 108 takes out theidentification information at the head, among the identificationinformation put into the queue (S5021).

Subsequently, the locking control unit 108 starts the preprocessingcorresponding to the user terminal 20 b of the identificationinformation taken out in S5021 (S5023).

Then, the locking control unit 108 performs the “unlocking requestdetermination process” described later (S5025). Thereafter, until thedetection unit 120 detects the unlocking request from the user terminal20 a, the locking control unit 108 repeats the process of S5025.

If the unlocking request from the user terminal 20 a is detected by thedetection unit 120 in S5025 (S5027: Yes), the locking control unit 108temporarily halts the preprocessing of the user terminal 20 b (S5029).

Subsequently, the locking control unit 108 executes the unlockingcontrol process of the user terminal 20 a (S5031).

Thereafter, the locking control unit 108 restarts the preprocessing ofthe user terminal 20 b that temporarily halts in S5029 (S5033).

[4-4-2. Unlocking Request Determination Process]

Next, with reference to FIG. 39, the operation of the “unlocking requestdetermination process” in S5025 will be described in detail.

As illustrated in FIG. 39, first, the detection unit 120 of the lockcontrol device 10-4 determines whether or not vibration is detected, onthe basis of the measurement result of the acceleration by themeasurement unit 138 (S5101). If the vibration is not detected (S5101:No), the detection unit 120 performs the operation of S5109 describedlater.

On the other hand, if the vibration is detected (S5101: Yes), thedetection unit 120 waits for a predetermined time for example, until thevibration time point detected by the wearable device 50 is received fromthe wearable device 50 (S5103). If the vibration time point is notreceived (S5103: No), the detection unit 120 performs the operation ofS5109 described later.

On the other hand, if the detected vibration time point is received fromthe wearable device 50 (S5103: Yes), the detection unit 120 determineswhether or not the vibration time point detected in S5101 and thereceived vibration time point are identical with each other (S5105).

If the vibration time points are identical with each other (S5105: Yes),the detection unit 120 detects the unlocking request from the userterminal 20 a (S5107). On the other hand, if the vibration time pointsare not identical with each other (S5105: No), the detection unit 120does not detect the unlocking request (S5109).

4-5. Effect

[4-5-1. Effect 1]

In the above, as described with reference to FIGS. 35 to 39 for example,the lock control device 10-4 according to the fourth embodiment executesthe preprocessing among the processes for unlocking, in a case where itis detected that the user terminal 20 approaches. Then, in a case wherethe preprocessing ends, and the unlocking request from the user terminal20 is detected, the lock control device 10-4 executes the unlockingcontrol process among the processes for unlocking.

Hence, the lock control device 10-4 executes the preprocessingbeforehand, and therefore it is sufficient that only the remainingprocess (i.e., the unlocking control process) among the processes forunlocking be executed at the time of the unlocking request, and theprocess ends in a short time. Thus, the time during which the user 2 isforced to wait in front of the door is shortened at the time of theunlocking request.

Also, in a case where the unlocking request by the user terminal 20 afor which the preprocessing has ended already is detected whileexecuting the preprocessing of the user terminal 20 b, the lock controldevice 10-4 temporarily halts the preprocessing of the user terminal 20b, and then executes the unlocking control process of the user terminal20 a. Hence, even in a case where a plurality of user terminals 20approach the lock control device 10-4 within a same time period,unlocking is performed promptly upon unlocking operation by the user 2of the user terminal 20 a. Hence, the user 2 is forced to wait littlefor unlocking, and does not feel the stress.

[4-5-2. Effect 2]

Also, according to the fourth embodiment, the user can perform theunlocking operation, by shaking the wearable device 50 or by tapping thewearable device 50, for example. Hence, the user is needless to activatethe application in the user terminal 20 at each trial of unlocking thedoor for example, and thus the work load is reduced.

[4-5-3. Effect 3]

Also, as long as the unlocking request from the user terminal 20 is notdetected, the lock control device 10-4 does not execute the unlockingcontrol process, and therefore the safety of the unlocking improves, ascompared with the publicly known key less entry technology, for example.For example, in a case where the user is positioned away from the door,the door is prevented from being unlocked without intention of the user.

4-6. Exemplary Variant

Note that the following exemplary variant is applicable, in a case wherethe lock control device 10-4 and the user terminal 20 communicate inaccordance with Bluetooth. For example, in a case where the detectionunit 120 has not detected the unlocking request by the user terminal 20a for which the preprocessing has ended already, and the preprocessingcurrently executed for another user terminal 20 b ends, the lockingcontrol unit 108 may return the connection of Bluetooth from the userterminal 20 b to the user terminal 20 a.

Normally, the connection of Bluetooth takes a certain amount of time.According to this exemplary variant, the connection of Bluetooth isreturned in advance to the user terminal 20 a for which thepreprocessing has ended previously, so that the lock control device 10-4can execute the unlocking control process corresponding to the userterminal 20 a in shorter time, in a case where the unlocking request bythe user terminal 20 a is detected.

5. Fifth Embodiment 5-1. Background

In the above, the fourth embodiment has been described. Next, the fifthembodiment will be described. First, the background that has lead up tocreating the fifth embodiment will be described.

In general, it is desirable that the door is automatically locked at anappropriate time point, after unlocked transiently. In the publiclyknown technology, there is proposed a method for automatically locking,when a predetermined time has passed since the door is unlocked.However, in this method, there is a risk that the locking process isperformed with the door open, in a case where the user keeps the dooropen.

As described later, a lock control device 10-5 according to the fifthembodiment can lock automatically at an appropriate time point.

5-2. System Configuration

The system configuration according to the fifth embodiment is similar tothe first embodiment illustrated in FIG. 1 or FIG. 18.

5-3. Configuration

[5-3-1. Lock Control Device 10-5]

Next, the configuration according to the fifth embodiment will bedescribed in detail. FIG. 40 is a functional block diagram illustratingthe configuration of the lock control device 10-5 according to the fifthembodiment. As illustrated in FIG. 40, the lock control device 10-5according to the fifth embodiment includes a control unit 100-5, insteadof the control unit 100-1, as compared with the lock control device 10-1illustrated in FIG. 2. Also, the lock control device 10-5 furtherincludes the measurement unit 138.

(5-3-1-1. Control Unit 100-5)

The control unit 100-5 further includes an open-close state determiningunit 122, as compared with the control unit 100-1 according to the firstembodiment.

(5-3-1-2. Open-Close State Determining Unit 122)

The open-close state determining unit 122 determines whether or not thedoor in which the lock control device 10-5 is installed is closed, onthe basis of the measurement result measured by the measurement unit138. For example, the open-close state determining unit 122 determinesthat the door is moving, in a case where the acceleration measured bythe measurement unit 138 is a value equal to or larger than apredetermined threshold value.

Also, the open-close state determining unit 122 determines whether ornot the door is closed, by comparing a value of geomagnetism measured bythe measurement unit 138 with a measured value of geomagnetism of a doorclosing state, which is stored in the storage unit 134 for example. Morespecifically, the open-close state determining unit 122 determines thatthe door is closed, in a case where the difference between the measuredvalue of geomagnetism of the door closed state and the value ofgeomagnetism measured by the measurement unit 138 is within apredetermined range. Also, the open-close state determining unit 122determines that the door is open in a case where the above difference isout of the predetermined range.

Exemplary Variant

Note that, as an exemplary variant, the open-close state determiningunit 122 is also capable of determining whether or not the installationstate of the lock control device 10-5 is abnormal, on the basis of themeasurement result by the measurement unit 138. For example, when themeasurement unit 138 measures an acceleration of a value within apredetermined range, the open-close state determining unit 122 maydetermine that the lock control device 10-5 is falling from the doorinstalled. Further, the open-close state determining unit 122 is alsocapable of discriminating the installation orientation of the lockcontrol device 10-5 on the basis of the direction of the gravity forcemeasured by the measurement unit 138. For example, in a case where thelock control device 10-5 is installed on the door with a double-facedadhesive tape, the installation orientation of the lock control device10-5 can change. Thus, in a case where the discriminated installationorientation of the lock control device 10-5 is shifted from apredetermined direction, the open-close state determining unit 122 maydetermine that the installation state of the lock control device 10-5 isabnormal.

(5-3-1-3. Locking Control Unit 108)

The locking control unit 108 according to the fifth embodiment causesthe locking unit 132 to lock, in a case where a predetermined time haspassed after causing the locking unit 132 to unlock for example, and theopen-close state determining unit 122 determines that the door isclosed.

(5-3-1-4. Transmission Control Unit 112)

In a case where a predetermined time has passed since the open-closestate determining unit 122 determines that the door is open, thetransmission control unit 112 according to the fifth embodiment iscapable of causing the communication unit 130 to transmit thenotification of the warning to the user terminal 20. According to thistransmission example, the user can be warned that the door is kept openfor a long time.

Note that the function of the measurement unit 138 is similar to thefourth embodiment. Also, other components included in the lock controldevice 10-5 are substantially similar to the first embodiment. Also, theconfigurations of the user terminal 20 and the server 30 aresubstantially similar to the first embodiment.

5-4. Operation

In the above, the configuration according to the fifth embodiment hasbeen described. Next, the operation according to the fifth embodimentwill be described with reference to FIG. 41. Note that, here, theoperation at the time unlocking and locking of the door will bedescribed. Other types of operations are similar to the first embodimentillustrated in FIGS. 6 to 17, and therefore the description will beomitted.

As illustrated in FIG. 41, first, the locking control unit 108 of thelock control device 10-5 waits until unlocked by the locking unit 132(for example, until the operation of S1833 illustrated in FIG. 16 isperformed) (S6001).

Then, if unlocked (S6001: Yes), the locking control unit 108 waits for acertain amount of time. Note that, during this, the open-close statedetermining unit 122 determines on a regular basis whether or not thedoor in which the lock control device 10-5 is installed is closed(S6003).

Subsequently, the locking control unit 108 confirms whether or not theopen-close state determining unit 122 determines that the door is closedat present moment (S6005). If it is determined that the door is closed(S6005: Yes), the locking control unit 108 causes the locking unit 132to lock (S6007). Thereafter, the lock control device 10-5 performs theoperation of S6001 again.

On the other hand, if it is determined the door is open (S6005: No), thelocking control unit 108 repeats the operation of S6005, until apredetermined time passes.

Then, if the predetermined time passes (S6009: Yes), the transmissioncontrol unit 112 causes the communication unit 130 to transmit thenotification of the warning to the user terminal 20 (S6011).

Thereafter, the lock control device 10-5 performs the operation of S6005again.

5-5. Effect

In the above, as described with reference to FIGS. 40 and 41, the lockcontrol device 10-5 according to the fifth embodiment automaticallylocks in a case where a predetermined time has passed after unlockingfor example, and it is determined that the door in which the lockcontrol device 10-5 is installed is closed.

Hence, automatic lock is enabled only when the door is closed. Also, thedoor in an open state can be prevented from being locked.

5-6. Exemplary Variant

Note that, as an exemplary variant of the fifth embodiment, a magnet maybe installed on a wall adjacent to the lock control device 10-5.According to this exemplary variant, the difference between themeasurement result of geomagnetism when the door is open and themeasurement result of geomagnetism when the door is closed is consideredto become larger. Thus, the lock control device 10-5 can determine theopen-close state of the door more accurately.

Also, in the above description, an example in which, in a case where itis determined that the door is open for a long time, the lock controldevice 10-5 transmits the notification of the warning to the userterminal 20 has been described, but is not limited to such an example.For example, in the above case, the lock control device 10-5 may sound abuzzer.

6. Sixth Embodiment 6-1. Background

In the above, the fifth embodiment has been described. Next, the sixthembodiment will be described. First, the background that has lead up tocreating the sixth embodiment will be described.

In a situation where the lock control device 10-1 wirelesslycommunicates with the user terminal 20 and authenticates the userterminal 20 to execute the unlocking process, the user 2 of the userterminal 20 does not interact with the lock control device 10-1physically at all. Hence, without notifying the user by some sort ofmechanism that the lock control device 10-1 is reacting, the user 2cannot understand the situation of the lock control device 10-1, such asthe lock control device 10-1 communicating with the user terminal 20,and the lock control device 10-1 malfunctioning, for example.

In the publicly known technology, there is proposed a method in whichthe lock control device is installed outside the door, to inform theuser of the situation of the lock control device, by a display mechanismsuch as a light emitting diode (LED) or a display. However, when thelock control device is installed outside the door, there is a risk thatthe lock control device is stolen by a malicious person.

Also, as another method, there is a method in which the lock controldevice is installed inside the door, and a display device for informingthe user of the situation of the lock control device is furtherinstalled outside the door. However, in this method, the cost formanufacturing and installing the device is large.

As described later, even in a case where a lock control device 10-6 isinstalled inside the door, the lock control device 10-6 according to thesixth embodiment is capable of notifying the user of the situation ofthe process.

6-2. System Configuration

The system configuration according to the sixth embodiment is similar tothe first embodiment illustrated in FIG. 1 or FIG. 18.

6-3. Configuration

[6-3-1. Lock Control Device 10-6]

Next, the configuration according to the sixth embodiment will bedescribed in detail. FIG. 42 is a functional block diagram illustratingthe configuration of the lock control device 10-6 according to the sixthembodiment. As illustrated in FIG. 42, the lock control device 10-6according to the sixth embodiment includes a control unit 100-6, insteadof the control unit 100-1, as compared with the lock control device 10-1illustrated in FIG. 2.

(6-3-1-1. Control Unit 100-6)

The control unit 100-6 further includes a process situation notifyingunit 124, as compared with the control unit 100-1 according to the firstembodiment.

(6-3-1-2. Process Situation Notifying Unit 124)

The process situation notifying unit 124 causes the communication unit130 to transmit to the relevant user terminal 20 the process situationnotification indicating the process situation by the locking controlunit 108, at a predetermined time point. For example, each time ato-be-notified event occurs while the locking control unit 108 executesthe process for unlocking, the process situation notifying unit 124causes the communication unit 130 to transmit to the relevant userterminal 20 a process situation notification indicating the content ofthe to-be-notified event that has occurred.

Here, the process for unlocking is similar to the fourth embodiment.Also, for example, the to-be-notified event may be “the lock controldevice 10-6 and the user terminal 20 becomes connectable to each other”,“the lock control device 10-6 and the user terminal 20 have actuallyconnected to each other”, “the authentication process of the userterminal 20 is ongoing”, “the authentication process of the userterminal 20 is completed”, or, “the unlocking is completed”. Note that,“having actually connected” refers to execution of a bond process inBLE, for example.

Note that other components included in the lock control device 10-6 aresubstantially similar to the first embodiment.

[6-3-2. User Terminal 20]

Next, the configuration of the user terminal 20 according to the sixthembodiment will be described.

(6-3-2-1. Control Unit 200)

On the basis of the process situation notification received from thelock control device 10-6, the control unit 200 according to the sixthembodiment outputs the received process situation notification. Forexample, the control unit 200 causes the user terminal 20 or thewearable device 50 to vibrate, in a case where the received processsituation notification is a predetermined notification. Also, thecontrol unit 200 displays the content of the received process situationnotification on the display screen, in a case where the received processsituation notification is other than the predetermined notification.Here, the predetermined notification may be a notification indicating“having actually connected” for example. According to such aconfiguration, the vibration of the user terminal 20 or the wearabledevice 50 prompts the user to confirm the display screen image. Also,the vibration event is only once, and therefore there is little riskthat the user feels discomfort.

Note that other components included in the user terminal 20 aresubstantially similar to the first embodiment. Also, the configurationof the server 30 is substantially similar to the first embodiment.

6-4. Operation

In the above, the configuration according to the sixth embodiment hasbeen described. Next, the operation according to the sixth embodimentwill be described with reference to FIG. 43. Note that, here, theoperation at the time of the unlocking processing will be described.Other types of operations are similar to the first embodimentillustrated in FIGS. 6 to 17, and therefore the description will beomitted. Also, the operation illustrated in FIG. 43 is assumed to beperformed on a regular basis at predetermined time intervals.

As illustrated in FIG. 43, first, the process situation notifying unit124 of the lock control device 10-6 confirms the process situation ofthe lock control device 10-6, and confirms whether or not theto-be-notified event has occurred (S7001). If the to-be-notified eventhas occurred (S7001: Yes), the process situation notifying unit 124causes the communication unit 130 to transmit to the relevant userterminal 20 a process situation notification indicating the content ofthe to-be-notified event (S7003).

Thereafter, the control unit 200 of the user terminal 20 determineswhether or not the process situation notification received in S7003 is apredetermined notification (S7005). If the received process situationnotification is the predetermined notification (S7005: Yes), the controlunit 200 causes the user terminal 20 or the wearable device 50 (worn bythe user 2 of the user terminal 20) to vibrate (S7007).

On the other hand, if the received process situation notification isother than the predetermined notification (S7005: No), the control unit200 displays the content of the received process situation notificationon the display screen (S7009).

6-5. Effect

In the above, as described with reference to FIGS. 42 and 43, each timethe to-be-notified event occurs, the lock control device 10-6 accordingto the sixth embodiment transmits to the relevant user terminal 20 theprocess situation notification indicating the content of theto-be-notified event that has occurred. Hence, even in a case where thelock control device 10-6 is installed inside the door (i.e., inside aroom), the user can be notified of the situation of the lock controldevice 10-6.

As a result, the lock control device 10-6 is needless to be installedoutside the door, and therefore there is little risk that the lockcontrol device 10-6 is stolen. Also, for example, a display device forinforming the user of the situation of the lock control device 10-6 isneedless to be installed, and therefore the cost for manufacturing andinstalling the device can be reduced.

7. Seventh Embodiment 7-1. Background

In the above, the sixth embodiment has been described. Next, the seventhembodiment will be described. First, the background that has lead up tocreating the seventh embodiment will be described.

Normally, a battery such as a dry cell battery and a secondary batteryis utilized in many cases, as a power supply of the lock control devicesuch as the lock control device 10-1. Hence, when the battery electricpower remaining level becomes insufficient, the lock control devicebecomes unusable, and therefore it is desirable to notify the user ofthe appropriate battery exchange time point.

However, the consumption of the dry cell battery is affected largely byambient temperature for example, and therefore, the battery lifetime ofthe dry cell battery is generally difficult to predict. Hence, there isa risk that the battery lifetime ends earlier than the predictedlifetime.

Also, with regard to the rechargeable dry cell battery, there is aproblem that the lock control device is unusable without a substitutebattery, while charging the battery.

Also, a method in which the lock control device includes a built-inrechargeable battery can be considered, but in this method, chargingwork is inconvenient for the user. For example, the user is to performwork such as wiring a charge cable between a lock control device and anelectricity outlet.

As described later, a lock control device 10-7 according to the seventhembodiment is capable of notifying the user of an appropriate exchangetime point of the battery.

7-2. System Configuration

The system configuration according to the seventh embodiment is similarto the first embodiment illustrated in FIG. 1 or FIG. 18.

7-3. Configuration

[7-3-1. Lock Control Device 10-7]

Next, the configuration according to the seventh embodiment will bedescribed in detail. FIG. 44 is a functional block diagram illustratingthe configuration of the lock control device 10-7 according to theseventh embodiment. As illustrated in FIG. 44, the lock control device10-7 according to the seventh embodiment includes a control unit 100-7,instead of the control unit 100-1, as compared with the lock controldevice 10-1 illustrated in FIG. 2. Also, the lock control device 10-7further includes a battery switch unit 140.

Also, although not illustrated in FIG. 44, the lock control device 10-7includes two types of batteries, which are a first battery and a secondbattery. Here, the first battery is a battery in use, and the secondbattery is an auxiliary battery for backup. Also, the first battery andthe second battery can be batteries of the same type. Also, the firstbattery and the second battery may be a dry cell battery such as alithium dry cell battery or a battery such as a secondary battery, forexample.

(7-3-1-1. Control Unit 100-7)

The control unit 100-7 further includes a remaining battery levelacquiring unit 126 and a battery exchange warning notifying unit 128, ascompared with the control unit 100-1 according to the first embodiment.

(7-3-1-2. Remaining Battery Level Acquiring Unit 126)

The remaining battery level acquiring unit 126 acquires informationindicating the remaining level of the first battery, from the firstbattery for example. Note that, in a case where the first battery is thedry cell battery, the information indicating the above remaining levelmay be the information indicating whether or not the voltage equal to orlarger than a threshold value is measured, for example.

(7-3-1-3. Battery Exchange Warning Notifying Unit 128)

In a case where the information acquired by the remaining battery levelacquiring unit 126 indicates that the remaining level of the firstbattery has become equal to or smaller than the predetermined thresholdvalue, the battery exchange warning notifying unit 128 causes thecommunication unit 130 to transmit a warning notification for batteryexchange to the user terminal 20. For example, in the above case anduntil the first battery is exchanged, the battery exchange warningnotifying unit 128 may cause the communication unit 130 to transmit thewarning notification for battery exchange to the user terminal 20 on aregular basis.

Here, the predetermined threshold value may be the minimum electricpower level to activate the lock control device 10-7 normally, forexample. Also, a predetermined threshold value may be “0”.

(7-3-1-4. Battery Switch Unit 140)

In a case where the information acquired by the remaining battery levelacquiring unit 126 indicates that the remaining level of the firstbattery has become equal to or smaller than a predetermined thresholdvalue, the battery switch unit 140 switches the battery to use, from thefirst battery to the second battery.

Note that other components included in the lock control device 10-7 aresubstantially similar to the first embodiment.

[7-3-2. User Terminal 20]

Next, the configuration of the user terminal 20 according to the seventhembodiment will be described.

(7-3-2-1. Display Control Unit 210)

In a case where the warning notification for battery exchange isreceived from the lock control device 10-7, the display control unit 210according to the seventh embodiment causes the operation display unit222 to display the received warning notification. For example, thedisplay control unit 210 may cause the operation display unit 222 todisplay the warning notification continuously in a pop-up manner, untilselected by the user, for example.

Also, the display control unit 210 is capable of causing the operationdisplay unit 222 to further display a menu screen image for the user 2to order a battery, in a case where the warning notification displayedon the display screen is selected by the user 2.

Note that other components included in the user terminal 20 aresubstantially similar to the first embodiment. Also, the configurationof the server 30 is substantially similar to the first embodiment.

7-4. Operation

In the above, the configuration according to the seventh embodiment hasbeen described. Next, the operation according to the seventh embodimentwill be described with reference to FIG. 45. Note that this operation isperformed on a regular basis at predetermined time intervals, while thelock control device 10-7 is activated, for example. Also, other types ofoperations are similar to the first embodiment illustrated in FIGS. 6 to17, and therefore the description will be omitted.

As illustrated in FIG. 45, first, the remaining battery level acquiringunit 126 of the lock control device 10-7 acquires the informationindicating the remaining level of the first battery, from the firstbattery for example. Then, the battery switch unit 140 confirms whetheror not the remaining level indicated by the acquired information isequal to or smaller than a predetermined threshold value (S8001). If theremaining level has not become equal to or smaller than thepredetermined threshold value (S8001: No), the lock control device 10-7performs the operation of S8009 described later.

On the other hand, if the remaining level is equal to or smaller thanthe predetermined threshold value (S8001: Yes), the battery switch unit140 switches the battery to use, from the first battery to the secondbattery (S8003). Then, the battery exchange warning notifying unit 128causes the communication unit 130 to transmit the warning notificationfor battery exchange to the user terminal 20 (S8005).

Thereafter, the display control unit 210 of the user terminal 20 causesthe operation display unit 222 to display the warning notificationreceived in S8005. Further, if the displayed warning notification isselected by the user, the display control unit 210 causes the operationdisplay unit 222 to display a battery order menu (S8007).

Thereafter, the lock control device 10-7 waits for a certain amount oftime (S8009). Thereafter, the lock control device 10-7 repeats theoperation of S8001 again.

7-5. Effect

[7-5-1. Effect 1]

In the above, as described with reference to FIGS. 44 and 45, in a casewhere it is detected that the remaining level of the first battery hasbecome equal to or smaller than a predetermined threshold value, thelock control device 10-7 according to the seventh embodimentautomatically switches the battery to use, from the first battery to theauxiliary second battery. Hence, occurrence of remaining battery levelinsufficiency can be prevented, and the lock control device 10-7 can beactivated for a long time in a stabilized manner.

[7-5-2. Effect 2]

Also, in a case where it is detected that the remaining level of thefirst battery has become equal to or smaller than a predeterminedthreshold value, the lock control device 10-7 transmits the warningnotification to the user terminal 20. Hence, the lock control device10-7 can prompt the user to exchange the battery at an appropriate timepoint. As a result, for example, inefficient battery exchange by theuser, such as user's exchange of a dry cell battery which is stillusable, can be avoided.

Also, the user terminal 20 is capable of causing the operation displayunit 222 to display the battery order menu in association with thereceived warning notification. Hence, the user 2 can also perform orderand payment of the battery in the relevant application, enhancingconvenience for the user.

8. Modification Example

The preferred embodiments of the present disclosure have been describedabove with reference to the accompanying drawings, whilst the presentdisclosure is not limited to the above examples, of course. A personskilled in the art may find various alterations and modifications withinthe scope of the appended claims, and it should be understood that theywill naturally come under the technical scope of the present disclosure.

In above each embodiment, an example in which the lock control device10-1 to the lock control device 10-7 are installed in a door at anentrance of a house has been described mainly, but embodiments are notlimited to such examples. The lock control device 10-1 to the lockcontrol device 10-7 can be installed in various types of doors, such asa door of a locker installed in an airport, a station, or the like, anda door of a car, for example. Also, it may be applied to a lockingmechanism of a bicycle or the like.

Also, the steps in the operation of above each embodiment are needlessto be executed in the described order. For example, the steps may beexecuted in the order changed as appropriate. Also, the steps may beexecuted in parallel or individually in part, instead of being executedin temporal sequence.

Also, according to above each embodiment, a computer program for causinga processor such as a CPU and hardware such as a RAM to exercise afunction equivalent to each configuration of the above lock controldevice 10-1 may be provided. Also, a recording medium storing thecomputer program is provided.

Additionally, the present technology may also be configured as below.

(1)

An information processing apparatus including:

a communication unit configured to receive an unlocking request andfirst information generated on the basis of a first secret key, from afirst communication terminal; and

a determination unit configured to determine whether or not to cause alocking unit to unlock, on the basis of a first public key correspondingto the first secret key and the generated first information.

(2)

The information processing apparatus according to (1), furtherincluding:

a verification processing unit configured to verify the generated firstinformation on the basis of the first public key, in which

the determination unit determines whether or not to cause the lockingunit to unlock, on the basis of a verification result of the generatedfirst information.

(3)

The information processing apparatus according to (2), in which

in a case where the verification processing unit verifies that thegenerated first information is rightful, the determination unitdetermines to cause the locking unit to unlock.

(4)

The information processing apparatus according to (2) or (3), in which

the communication unit further receives first key information includingthe first public key and signature information for the first public keyby a second communication terminal,

the information processing apparatus further includes a key verifyingunit configured to verify rightfulness of the first public key on thebasis of the signature information for the first public key, and

the determination unit further determines whether or not to cause thelocking unit to unlock, on the basis of a verification result obtainedby the key verifying unit.

(5)

The information processing apparatus according to (4), in which

in a case where it is verified that the first public key is rightful,the determination unit determines to cause the locking unit to unlock.

(6)

The information processing apparatus according to (4) or (5), in which

the signature information for the first public key is information inwhich a digital signature is created for the first public key using asecond secret key associated with the second communication terminal,

the verification processing unit further verifies the signatureinformation for the first public key on the basis of a second public keycorresponding to the second secret key, and

the key verifying unit verifies whether or not the first public key isrightful on the basis of a verification result of the signatureinformation for the first public key and the first public key.

(7)

The information processing apparatus according to (6), furtherincluding:

a storage unit configured to store the second public key.

(8)

The information processing apparatus according to any one of (1) to 6,further including:

a storage unit configured to store a first algorithm and a secondalgorithm, in which

the first public key and the first secret key are each information basedon the first algorithm.

(9)

The information processing apparatus according to (8), in which

a third public key and a third secret key corresponding to the thirdpublic key are each information based on the second algorithm,

the communication unit further receives first information generated onthe basis of the third secret key, from the first communicationterminal, and

the determination unit determines whether or not to cause the lockingunit to unlock, on the basis of the third public key and the firstinformation generated on the basis of the third secret key.

(10)

The information processing apparatus according to (8) or (9), in which

the communication unit further receives a change request from the firstalgorithm to the second algorithm, from the first communicationterminal, and

the information processing apparatus further includes an algorithmswitch unit configured to stop using the first algorithm in a case wherethe change request is received.

(11)

The information processing apparatus according to any one of (4) to (7),in which

the first key information further includes date and time changingauthority information indicating presence or absence of authority forchanging date and time information managed by the information processingapparatus, and

the information processing apparatus further includes a date and timeinformation changing unit configured to determine availability orunavailability of change of the date and time information by the firstcommunication terminal, on the basis of the date and time changingauthority information included in the first key information.

(12)

The information processing apparatus according to any one of (1) to(11), further including:

the locking unit.

(13)

An information processing method including:

receiving an unlocking request and first information generated on thebasis of a first secret key, from a first communication terminal; and

determining whether or not to cause a locking unit to unlock, on thebasis of a first public key corresponding to the first secret key andthe generated first information.

(14)

A program for causing a computer to function as:

a communication unit configured to receive an unlocking request andfirst information generated on the basis of a first secret key, from afirst communication terminal; and

a determination unit configured to determine whether or not to cause alocking unit to unlock, on the basis of a first public key correspondingto the first secret key and the generated first information.

(15)

An information processing system including:

a first communication terminal; and

an information processing apparatus, in which

the information processing apparatus includes

a communication unit configured to receive an unlocking request andfirst information generated on the basis of a first secret key, from thefirst communication terminal, and

a determination unit configured to determine whether or not to cause alocking unit to unlock, on the basis of a first public key correspondingto the first secret key and the generated first information.

(16)

The information processing system according to (15), further including:

a second communication terminal; and

a management device, in which

the second communication terminal transmits, to the first communicationterminal, second information and link information to the managementdevice,

the first communication terminal transmits the second information to themanagement device to thereby receive first key information from themanagement device, and

the first key information includes signature information for the firstpublic key by the second communication terminal.

(17)

The information processing system according to (16), in which

in a case where the second information is received from the firstcommunication terminal, the management device transmits a request forissuing the first key information to the second communication terminal,and

in a case where the request for issuing the first key information isreceived from the management device, the second communication terminaltransmits the first key information to the management device.

(18)

The information processing system according to (16) or (17), in which

the first key information further includes rank information indicating arank of a user of the first communication terminal, and

the rank information included in the first key information indicates arank lower than a rank of a user of the second communication terminal.

(19)

The information processing system according to (18), in which

the user of the second communication terminal is an administrator of theinformation processing apparatus.

(20)

The information processing system according to any one of (15) to (19),further including:

a third communication terminal; and

a management device, in which

a fourth public key is associated with the third communication terminal,

the first communication terminal transmits, to the third communicationterminal, third information and link information to the managementdevice,

the third communication terminal transmits the third information to themanagement device to thereby receive third key information from themanagement device, and

the third key information includes signature information for the fourthpublic key by the first communication terminal.

REFERENCE SIGNS LIST

-   10-1 to 10-7 lock control device-   20 user terminal-   22 communication network-   30 server-   32 database-   50 wearable device-   100-1 to 100-7 control unit-   102 key information verifying unit-   104 verification processing unit-   106 determination unit-   108 locking control unit-   110 random number generating unit-   112 transmission control unit-   114 algorithm switch unit-   116 date and time information changing unit-   118 approach detecting unit-   120 detection unit-   122 open-close state determining unit-   124 process situation notifying unit-   126 remaining battery level acquiring unit-   128 battery exchange warning notifying unit-   130 communication unit-   132 locking unit-   134 storage unit-   136 registration key DB-   138 measurement unit-   140 battery switch unit-   200 control unit-   202 cipher generating unit-   204 key information issuing unit-   206 transmission control unit-   208 invitation e-mail generating unit-   210 display control unit-   220 communication unit-   222 operation display unit-   224 storage unit-   300 control unit-   302 key information issuance requesting unit-   304 transmission control unit-   306 random number generating unit-   308 verification processing unit-   310 verifying unit-   320 communication unit-   322 storage unit

The invention claimed is:
 1. An information processing system comprising: a first communication terminal; a second communication terminal; a management device; and an information processing apparatus, wherein the information processing apparatus includes communication circuitry configured to receive an unlocking request and first information generated based on a first secret key, from the first communication terminal, and control circuitry configured to determine whether or not to cause a locking circuit to unlock, based on a first public key corresponding to the first secret key and the generated first information, wherein in a case where second information is received from the first communication terminal, the management device transmits a request for issuing first key information to the second communication terminal, and in a case where the request for issuing the first key information is received from the management device, the second communication terminal transmits the first key information to the management device.
 2. The information processing system according to claim 1, wherein the first key information further includes rank information indicating a rank of a user of the first communication terminal, and the rank information included in the first key information indicates a rank lower than a rank of a user of the second communication terminal.
 3. The information processing system according to claim 2, wherein the user of the second communication terminal is an administrator of the information processing apparatus.
 4. The information processing system according to claim 1, further comprising: a third communication terminal; and a management device, wherein a fourth public key is associated with the third communication terminal, the first communication terminal transmits, to the third communication terminal, third information and link information to the management device, the third communication terminal transmits the third information to the management device to thereby receive third key information from the management device, and the third key information includes signature information for the fourth public key by the first communication terminal.
 5. The information processing system according to claim 1, wherein the second communication terminal transmits, to the first communication terminal, second information and link information to the management device.
 6. The information processing system according to claim 1, wherein the first communication terminal transmits the second information to the management device to thereby receive first key information from the management device, and the first key information includes signature information for the first public key by the second communication terminal.
 7. The information processing system according to claim 1, wherein the communication circuitry is configured to transmit to a server, a request to acquire a confirmation flag of a key including identification information.
 8. The information processing system according to claim 7, wherein the first communication terminal confirms whether or not a value of the confirmation flag received from the server is ON, and when the value is ON, a second communication terminal causes to transmit the server a request to confirm the key including the identification information.
 9. An information processing method comprising: receiving, by communication circuitry of an information processing apparatus, an unlocking request and first information generated based on a first secret key, from a first communication terminal, and determining, by control circuitry, whether or not to cause a locking circuit to unlock, based on a first public key corresponding to the first secret key and the generated first information, wherein in a case where second information is received from the first communication terminal, a management device transmits a request for issuing first key information to a second communication terminal, and in a case where the request for issuing the first key information is received from the management device, the second communication terminal transmits the first key information to the management device.
 10. The information processing method according to claim 9, wherein the first key information further includes rank information indicating a rank of a user of the first communication terminal, and the rank information included in the first key information indicates a rank lower than a rank of a user of the second communication terminal.
 11. The information processing method according to claim 10, wherein the user of the second communication terminal is an administrator of the information processing apparatus.
 12. The information processing method according to claim 9, further comprising: associating a fourth public key with a third communication terminal; transmitting, by the first communication terminal, to the third communication terminal, third information and link information to a management device; transmitting, by the third communication terminal, the third information to the management device to thereby receive third key information from the management device; and including signature information for the fourth public key in the third key information by the first communication terminal.
 13. The information processing method according to claim 9, wherein the second communication terminal transmits, to the first communication terminal, second information and link information to the management device.
 14. The information processing method according to claim 9, wherein the first communication terminal transmits the second information to the management device to thereby receive first key information from the management device, and the first key information includes signature information for the first public key by the second communication terminal.
 15. The information processing method according to claim 9, further comprising: transmitting, by the communication circuitry, to a server, a request to acquire a confirmation flag of a key including identification information.
 16. The information processing method according to claim 15, wherein the first communication terminal confirms whether or not a value of the confirmation flag received from the server is ON, and when the value is ON, a second communication terminal causes to transmit the server a request to confirm the key including the identification information.
 17. An information processing apparatus comprising: communication circuitry configured to receive an unlocking request and first information generated based on a first secret key, from a first communication terminal, and control circuitry configured to determine whether or not to cause a locking circuit to unlock, based on a first public key corresponding to the first secret key and the generated first information, wherein in a case where second information is received from the first communication terminal, a management device transmits a request for issuing first key information to a second communication terminal, an in a case where the request for issuing the first key information is received from the management device, the second communication terminal transmits the first key information to the management device.
 18. The information processing apparatus according to claim 17, wherein the first key information further includes rank information indicating a rank of a user of the first communication terminal, and the rank information included in the first key information indicates a rank lower than a rank of a user of the second communication terminal.
 19. The information processing apparatus according to claim 18, wherein the user of the second communication terminal is an administrator of the information processing apparatus.
 20. The information processing apparatus according to claim 17, wherein a fourth public key is associated with a third communication terminal, the first communication terminal transmits, to the third communication terminal, third information and link information to a management device, the third communication terminal transmits the third information to the management device to thereby receive third key information from the management device, and the third key information includes signature information for the fourth public key by the first communication terminal. 